Barracuda Networks Technical Documentation

Barracuda Spam & Virus Firewall

Administrator’s Guide
Version 5.1

RECLAIM YOUR NETWORK™

Copyright Notice
Copyright (c) 2004-2012, Barracuda Networks, Inc., 3175 S. Winchester Blvd, Campbell, CA 95008 USA www.barracuda.com v5.1-111018-11-0314 All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice.

Trademarks
Barracuda Spam & Virus Firewall is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders.

Contents
Chapter 1 – Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 9
Overview . . . . . . . . . . . . . . . . . . . . . . . What This Guide Covers . . . . . . . . . . . . . Easy Administration . . . . . . . . . . . . . . . . IPv6 Network Support . . . . . . . . . . . . . . . 12 Layers of Virus and Spam Protection . . . . . Inbound Message Filtering . . . . . . . . . . Outbound Message Filtering and Encryption . Internal Virus Scanning . . . . . . . . . . . . Energize Updates Maximize Protection . . . . . . Barracuda Central . . . . . . . . . . . . . . How Energize Updates Defeat Spam . . . . Barracuda Spam & Virus Firewall Models . . . . . . Contacting Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 10 10 10 11 11 11 12 12 12 13 14 15

C h a p t e r 2 – B a r r a c u d a Spa m & Vir u s F i r e w a l l C o n c e p ts . 17
Twelve Layers of Defense . . . . . . . . . . . . . . . . . . . Maximizing Efficiency and Performance of Spam Scanning Connection Management Layers . . . . . . . . . . . . . . . . Denial of Service Protection. . . . . . . . . . . . . . . . . Rate Control . . . . . . . . . . . . . . . . . . . . . . . . . IP Analysis . . . . . . . . . . . . . . . . . . . . . . . . . Sender Authentication. . . . . . . . . . . . . . . . . . . . Recipient Verification . . . . . . . . . . . . . . . . . . . . Mail Scanning Layers . . . . . . . . . . . . . . . . . . . . . . Virus Scanning . . . . . . . . . . . . . . . . . . . . . . . User-specified rules (custom policy) . . . . . . . . . . . . Fingerprint Analysis . . . . . . . . . . . . . . . . . . . . . Intent Analysis. . . . . . . . . . . . . . . . . . . . . . . . Image Analysis . . . . . . . . . . . . . . . . . . . . . . . Bayesian Analysis . . . . . . . . . . . . . . . . . . . . . . Spam Scoring . . . . . . . . . . . . . . . . . . . . . . . . Predictive Sender Profiling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 18 19 19 19 19 20 20 21 21 21 21 22 22 22 22 24

C h a p t e r 3 – G e t t i n g Sta r t e d . . . . . . . . . . . . . . . . . . . . . . 25
Initial Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtual Machine Deployment . . . . . . . . . . . . . . . . . . . Best Practices for Configuring Your Hypervisor . . . . . . . Checklist for Unpacking . . . . . . . . . . . . . . . . . . . . . . Installation Examples . . . . . . . . . . . . . . . . . . . . . . . Barracuda Spam & Virus Firewall Behind Corporate Firewall Barracuda Spam & Virus Firewall in the DMZ . . . . . . . . Clustering the Barracuda Spam & Virus Firewall . . . . . . . Install the Barracuda Spam & Virus Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 26 26 26 27 27 27 28 29
3

. Changing the Language of the Web Interface . . Advanced Email Security Policy . . . . . . . . Global Versus Domain Level Administration . . Outbound Message Footer . . . . . . . . . . . Limiting User Access to a Clustered System . . . . . . Internal Virus Scanning For Your Microsoft Exchange Mail Server Attachment Block Notifications . . . . . . . . . . . . . . . . Product Tips . . . Update the Barracuda Spam & Virus Firewall Firmware . . . Viewing Performance and Email Statistics . . . . . . . . . . . . 46 46 46 46 47 47 47 47 48 48 48 48 48 49 49 4 Barracuda Spam & Virus Firewall Administrator’s Guide . . . . . . . . . Virus Checking and Notifications . . . . . . . . . . . . . . . Domain Level Configuration . Spam and Quarantine Notifications . . Setting up Quarantine . . . . . . . . . . . . . . . . Administrative Settings and the Web Interface . . . . . . . . . . . Monitor and Classify Outgoing Emails . . . . . . . . . . . . .Global or Domain-level . . Invalid Bounce Suppression. . . . . . . . . . . . . . . . . . . . . Securing User Access With Single Sign On. . . . . . . . . . . . . . . . Tune and Monitor the Default Spam and Virus Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Quarantine and Tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configure IP Address and Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . Activate Your Subscriptions . . . . . . . . . . . . . . . . . . . . . . .Inbound . . . . . . . . . Route Incoming Email to the Barracuda Spam & Virus Firewall . . . . . . . . . . . . . . . . . . . .Outbound . . . . . . . . . . . . . . . . . . . . . . . . Spam Scoring . Controlling Access to the Web Interface . . . . . . . . . . . . . LDAP and User Account Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . Routing Email . . . . . . . . . . . . . . . . . . . . . . . . Configure Scanning of Outgoing Mail . . Use the Cloud Protection Layer . . . . . . . . . . . . . . . . . . . . . . Configure your Corporate Firewall . . . . 29 30 30 31 32 33 34 34 34 35 35 36 36 36 36 37 37 37 37 38 38 39 39 40 40 40 41 41 41 41 42 42 42 C h a p t e r 4 – S e c u r i n g t h e B a r r a c u d a Spa m & Vir u s F i r e w a l l 45 Securing Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitor and Classify Incoming Emails . . Limiting Access to the API . . . . . . . Initial Configuration of the System . . . . . Email Statistics . . . . . . . . . . . . . . . . Customizing the Appearance of the Web interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Secure Links in Notification Emails . . . . . . . . . SMTP/TLS (Transport Layer Security) encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . User Account Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting the Time Zone of the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Block. . . . . . . . . . . . . . . . . . . . . . . . . . Email Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .APC UPS Support. . . . . . . . . Tracking Changes to the Configuration and User Login Activities Limiting User Access . . . . . . . . . . . . . . . . . . . . . . . . Update Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Securing the Outbound Relay of Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Testing Spam and Virus Scanning With a Local User Set . . . . . . . . . . . . . Enabling SSL for Administrators and Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .C h a p t e r 5 – A d v a n c e d I n b o u n d Spa m F i l t e r i n g P o l i c y . . . . . . . . . . . . . Spam Scoring . . When Rate Control Takes Effect . . . . . . . . . . . . Global Bayesian Filtering Versus Per-User . . . . . . . . IP Address Filtering . . . . . . . . . Reverse DNS Blocking . . . . . . Spam Filtering and Quarantine of Outbound Mail . . . . . . . . . . .Outbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Rate Control . . . . . . . . . . Domain and Email Address Filtering of Outbound Mail . . . . . . . . . . . . . . .Outbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Outbound Quarantine . . . . . . . . . . . . . . . . . . . Fingerprint Analysis . . . . . . . . . . . . . . . . . . . . . . Attachment Filename and Type Filtering . . . . . Sender Whitelisting . . . . . Exemptions from Rate Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Requirements for Using Encryption . . . .Outbound . . . . . . . . . . . 52 52 52 53 53 53 53 54 54 54 54 55 55 55 56 56 56 57 57 57 57 58 58 59 C h a p t e r 6 – O u t b o u n d F i l t e r i n g P o l i c y . . . . . . . . . . . . Attachment Content Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . Exempting IP Addresses from the BRBL and Other Blocklists Subscribing to External blocklist Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Content Analysis . . . . . . . . . . . . . . . . . . . . . . . . . Fingerprint Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Content Analysis . . . . . Intent Analysis . . . . Rate Control for Outbound Mail. . . . . . Image Analysis . IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Outlook and Lotus Notes Plugins . . . . . . . . . . . . . . . Sender and Recipient Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Barracuda Reputation (BRBL) . Custom Content Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Trusted Forwarders . . . . . . . . . . . . . . . . . . . . . . . 61 Encryption of Outbound Mail . . . . . . . . . . . . . . . Blocking Email by Country . . . . . . . . . . . . . . . . . . . . . . . . Setting Encryption Policy for Outbound Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intent Analysis. . . . . . . . . . . . . . . . . . . . . . . . . . IP Reputation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting the Best Accuracy From the Bayesian Database . . . . . . . . . . . . . .Inbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Encryption and Quarantine. . . . . . . . . . . . . . . . Reverse DNS Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Branding . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Precedence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring and Using Encryption. . Image Analysis . . . . . . . . . . . . . . When to Use Bayesian Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Secured Message Contents . . . . . . . . . . Attachment Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Outbound. . . . . 62 62 62 62 62 63 63 63 64 64 64 65 65 65 66 66 66 67 67 67 67 67 68 5 . . .Outbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Blocking and Queuing Sending and Receiving Encrypted Messages. . . . . . . . . . . . . . . . . . Custom Content Filters . . . . . . . . . . . . . . . . . . . . Bayesian Analysis . How Bayesian Analysis Works . . . . .Outbound Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . Exemptions from SPF Checking . . . . . . . . . . . . . . . . . . . . . . . . 84 84 84 85 86 86 86 87 87 6 Barracuda Spam & Virus Firewall Administrator’s Guide . . . . . . . . . . . . . . Sender Policy Framework (SPF) . . . . . . . . . . . . . . . . . . . . . . LDAP lookup . . . . . . . . . . . . . . . . Non-Delivery Reports (NDRs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mail Protocol (SMTP) Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Custom policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Forwarding . . . . . . . . . . . . . . . . . . . Advanced Networking . . . . . . . . . . . . Remote Administration . . Viewing Email Statistics . . . Data Not Synchronized Across the Cluster . . . . Setting Up Clustered Systems . . . . . . . . . . . Spam Bounce Non-Delivery Reports (NDRs) . . . Where Do the Quarantined Messages Go? Linking Domains for One Quarantine Inbox The Quarantine Inbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Explicit Users to Accept For (Valid Recipients) . . . . . . . . Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Per-user Quarantine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .C h a p t e r 7 – C l o u d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 How Quarantine of Inbound Mail Works . . . Loopback Adapter . . . . . . . . . . . Redundancy of user quarantine data on the cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 70 71 71 71 72 C h a p t e r 8 – A d v a n c e d C o n f i g u r a t i o n . . . . . . . . . . . . . . . . . .B a s e d P r o t e c t i o n . . . . Invalid Bounce Suppression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 74 74 74 75 75 75 76 76 76 76 77 77 77 78 79 79 79 79 80 80 80 80 81 81 81 81 82 C h a p t e r 9 – M a n a g i n g I n b o u n d Q u a r a n t i n e . . . . . . . . . . . . . . . . . . . . . Turning Quarantine Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring the Network Interfaces . . . . . . . . . .Trusted Forwarders . . . . . Configuring Cloud Protection Layer Spam & Virus Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Centralized Policy Management With a Quarantine Host . . . . . . . . . . . . . . . . . . . . . . 69 Advantages of Using Cloud-Based Protection . . . Quarantine Options . . . . . . . . Clustering the Barracuda Spam & Virus Firewall . . . . Integration With the Barracuda Spam & Virus Firewall . . . . . . . . . . . . . . . . . . . . . . . . . Sender Spoof Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Up Your Cloud Protection Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Alias Linking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Monitor Incoming Emails . . . . . . . . . . . . . . . . . . . . . . . . . . Using Global Quarantine . 73 Sender Authentication . . Recipient Verification . . . . . Removing a Barracuda Spam & Virus Firewall From a Cluster . . . . . . . . . . . . . . . . . . . Alias Linking . . . . Domain Keys (DKIM) Inspection . . . . . Reducing Backscatter . . . . . . Remote IMAP/POP Accounts. . . . . . . . . . .

. . . . . . . . . . . . . . . . . 96 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Front Panel Indicator Lights . . . . . . . . . . . . . . . . Creating and Managing Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Task Manager to Monitor System Tasks . . . . Assigning Quarantine Inbox Permissions to Selected Users . . . Editing Accounts and Assigning Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Generating System Reports . . . . . . . . . . . . . . . . Setting up Alerts . . 96 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112 . . . . . . . . . . . . . . . . . . . Testing Network Connectivity . Automatic Account Creation. . . . . . . . . . . . . . . . . . . . . . . . . Helpdesk Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 88 88 88 89 89 89 C h a p t e r 1 0 – M a n a g i n g A c c o u n ts a n d D o m a i n s . . . . . . . . . . . . Using a Syslog Server to Centrally Monitor System Logs. . . . . . . . . . . . . . . When to Disable Automatic Creation of Accounts Manually Creating User Accounts .114 . . . . . . . . . . . . . . . . . . . . . . . . . The Message Log. . . 98 . . . Using the Barracuda Control Center . . . . . . Role-based Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Domain Level Settings . . . User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 . Single Sign-On and User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . Retention Policy and Purging Old Messages . Account Creation by Users . . . Example Helpdesk Use Cases . . . . . . . . . . . . . . . . . . . . . . . . Domain Admin Role . . . . . . . . 111 . . . . . . . . . . . . . . . . .113 . . . . . . 92 . . . . . . . . . . . Connect to Barracuda Support Servers . . . . . . . . . . . . . . . . . . 105 Viewing Performance Statistics . 95 . . Setting up SNMP Query and Alerts . . . . . . . . . . . . . . . . . 95 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115 7 . . . . . . . . . . . . . . . . . . . 95 . . . . . . . . . . . . . . . . . . . . . . . . . . Auditor Account . . . Inbound and Outbound Message Queues . . . . . . . . . . . . .114 114 114 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Minimizing Excessive Storage of Email . . . . . . . . . . . . . . . . . . . . . . . 106 106 106 108 109 109 109 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114 . . . 92 . . . 99 100 100 102 102 102 103 103 C h a p t e r 11 – M o n i t o r i n g t h e S y s t e m . . . . . . . . . . . . . . . Helpdesk Role. . . . . . . . . . . . . . . . Use Case Scenarios For Role Assignments . . . . Automating the Delivery of Scheduled System Reports . . .All_Domains Permissions . . . . . . . Quarantine Notifications. . . . . . . . . . 96 . . . . . . . . . Assigning Features to User Accounts . . . . . Setting up Emailed System Alerts . . . . . . 94 . . . . . . . . How the Quarantine Digest Works . . . . . . . . . . . . . . . . . . Retrying All Outbound Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 . . . . . . . . . . Overriding Default Account Features Settings . . . . . .All_Domains Permissions . . . . . . . . . . . . . . . 91 Creating and Managing Domains. . . . . Troubleshooting. . Domain Admin Role . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 . . . Reporting .Controlling Access to Account Features . . . . . . . . . . . . . . Diagnostic Tools . . . . . . . . . . Roles and Navigating the Web Interface . . . . . .

. . . . . . . . . . . . . . . . . . . .118 . . . . . . . . . . . . . . . . 141 8 Barracuda Spam & Virus Firewall Administrator’s Guide . . . . . . . Reloading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .C h a p t e r 1 2 – M a i n t e n a n c e . . . . . . . . . . . 125 125 125 125 126 A p p e n d i x B – L i m i t e d Wa r r a n t y a n d L i c e n s e . . . . . . . . . . . . . . . . . . . . . . . . . .118 . . . . . . . . . . Notice for Canada . . . . Replacing a Failed System . . . . . . . 117 Updating the Firmware and Definitions . . . . . . . . . . . . . . . . . . . . . . . Notice for the USA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backing up and Restoring Your System . . . Exclusive Remedy. Updating the Definitions from Energize Updates . . . . . . . . . . . . . . . . . . . . . . . . Restarting. . . . . . . . . . . . . . . . . . Energize Update Software License Open Source Licensing . . . . . . . Restoring a Backup . . . Notice for Europe (CE Mark) Power Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Barracuda Instant Replacement Service .118 118 . . . . . . Software License . . . . . . . . . . . . . . . . . . . . .119 . . . Updating the Firmware on your Barracuda Spam & Virus Firewall Updating the Firmware of Clustered Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 129 130 130 131 135 I n d e x . . . . . . Rebooting the System in Recovery Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . and Shutting Down the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119 119 120 121 122 123 123 124 124 A p p e n d i x A – A b o u t t h e H a r d w a r e . . . . . . . . 125 Hardware Compliance. . . . . . . . . . . Backup Up. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Reboot Options . . . . 129 Limited Warranty . . . . . . . . . . . . . . . Exclusions and Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Built-in Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Three Types of Backups Available . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.............. ......................... .......14 Contacting Technical Support......................... ..10 Barracuda Spam & Virus Firewall Models ...................................15 Introduction 9 .................................................Chapter 1 Introduction This chapter provides an overview of the Barracuda Spam & Virus Firewall and includes the following topics: Overview ...................................

you can view system email and performance statistics and subscription status on the BASIC > Status page.1 and later of the Barracuda Spam & Virus Firewall supports sending and receiving email over both IPv4 and IPv6 networks. In addition to protecting your mail server from malware from the Internet. While email sent over IPv6 networks will be scanned for viruses and spam. the Barracuda Spam & Virus Firewall can be scaled to support hundreds of thousands of active email users. The administrator can elect to receive alerts and notifications from the Barracuda Spam & Virus Firewall at any email address and has message and system logs available to quickly assess the status of the system. the Barracuda Exchange Anti-Virus add-in for the MS Exchange Server can secure your internal mail transactions as well. Key email statistics and system performance can be viewed at a glance on the BASIC > Status page of the Web interface. IP-based analysis and policies are not applied to IPv6 in this version. To view the online help. What This Guide Covers This guide provides concepts and general guidance the administrator needs to understand how to best configure the Barracuda Spam & Virus Firewall according to the organization’s deployment needs. blocking infected messages on your internal network. this guide will specify the name of the tab in the Web interface in uppercase letters. followed by a ( > ) and the actual page name. To minimize ongoing administration associated with security. IPv6 Network Support Note that version 5. 10 Barracuda Spam & Virus Firewall Administrator’s Guide . policies and email infrastructure. For example. the 24x7 operations center operated by Barracuda Networks to monitor and block the latest Internet threats. procedural configuration steps are given in the rich online help of the Web interface. automatically delivers Energize Updates to your Barracuda Spam & Virus Firewall (see below). Easy Administration The powerful Web interface of the Barracuda Spam & Virus Firewall allows for convenient configuration and management of spam and virus filtering policies and email security settings from one central location.Overview The Barracuda Spam & Virus Firewall is an integrated hardware and software solution that provides powerful and scalable spam and virus-blocking capabilities without affecting the performance of your mail servers. When referring to specific feature settings. click the Help button on the right side of any page of the Web interface. With no per-user license fee. General discussion of the powerful features of the Barracuda Spam & Virus Firewall are presented here while detailed. Barracuda Central. These updates include the latest spam and virus definitions for the most current protection against viruses and other security threats.

Every “good” inbound email message passes through these 12 layers. Outbound Message Filtering and Encryption Any message sent through the Barracuda Spam & Virus Firewall addressed to a domain that is configured on the system is treated as an inbound message. Any emails that survive the connection verification process must then undergo a thorough mail scanning process that involves seven defense layers of message analysis. which include five connection management layers and seven mail scanning layers: • • • • • • • • • • • • Denial of service Rate control IP Reputation Analysis Sender Authentication Recipient Verification Virus Scanning Custom policies Spam Fingerprint Analysis Intent Analysis Image Analysis Bayesian Analysis Rule-based spam scoring The following figure shows each of these defense layers in action and indicates that six of the twelve layers of defense are updated constantly by Barracuda Networks Energize Updates: Figure 1.12 Layers of Virus and Spam Protection Inbound Message Filtering Using the Web interface. Outbound messages can optionally be encrypted based on the filtering policy you configure. Introduction 11 . The algorithms and techniques used by the Barracuda Spam & Virus Firewall are continuously updated via the Barracuda Energize Updates service to stay ahead of spam and virus trends as they emerge. All Barracuda Spam & Virus Firewall models include essential outbound mail filtering techniques that help organizations to ensure that all outgoing email is legitimate and virus-free. All others are treated as outbound messages. you can configure up to twelve defense layers that protect your users from spam and viruses. inbound emails are filtered through five defense layers to verify authenticity of envelope information and any inappropriate incoming mail connections are dropped even before receiving the message.1: Twelve Layers of Defense During the connection management process.

Figure 1. you can use the redirect action in your filtering policy for outbound mail that you want to redirec to that encryption server. p. For details on installation and configuration.If you already have an email encryption service or server in place.2: Constant Updates to Barracuda Central 12 Barracuda Spam & Virus Firewall Administrator’s Guide . These updates are then automatically updated around the clock to your Barracuda Spam & Virus Firewall via the Energize Updates feature. 61. and every outbound email message passes through the following layers: • • • • • • • Rate Control Virus Scanning Custom Policies Spam Fingerprint Analysis Intent Analysis Image Analysis Rule-based Spam Scoring See Outbound Filtering Policy. see Internal Virus Scanning For Your Microsoft Exchange Mail Server on page 40. for configuring outbound mail filtering. Quarantine of outbound messages can be managed at the per-domain level as well as at the global level. Internal Virus Scanning The easy-to-install Barracuda Exchange Anti-Virus Add-in provides virus scanning for internal mail that may not pass through the Barracuda Spam & Virus Firewall. collecting data from worldwide collection points. engineers at Barracuda Central monitor the Internet for trends in spam and virus attacks. Energize Updates Maximize Protection Barracuda Central To provide your organization with maximum protection against the latest types of spam and virus attacks.

For example. When an email reaches the spam scoring filter. the Barracuda Spam & Virus Firewall scrutinizes: • A message’s header and subject line for offensive characters or words • The percentage of HTML in the message • Whether a message contains an “unsubscribe” link These properties (along with many others) help the Barracuda Spam & Virus Firewall to determine the spam score for a message that you’ll see displayed on the Message Log page of the Web interface. By default. Energize Updates provide your Barracuda Spam & Virus Firewall with the following benefits: • • • • • • Barracuda Reputation (see Barracuda Reputation (BRBL). Introduction 13 . the Barracuda Spam & Virus Firewall assigns scores to all the properties of the message. the team at Barracuda Central can quickly develop new and improved blocking techniques that are automatically made available to your Barracuda Spam & Virus Firewall.By identifying spam and virus trends at an early stage.3: Energize Updates from Barracuda Central Delivers New Spam and Virus Definitions How Energize Updates Defeat Spam The Barracuda Spam & Virus Firewall scrutinizes all the characteristics of a message and uses a complex system of scores to determine whether or not a message is spam. Energize Updates are set to automatically keep the spam rules and scores up-to-date so that the Barracuda Spam & Virus Firewall can quickly counteract evolving techniques used by spammers. p. 53) Spam definitions Security definitions Virus definitions Access to the latest firmware Ability to use outbound email encryption Figure 1.

000– 10.000– 30.000 250 10 GB Model 400 1.000 200 GB Model 900 15.000– 5.000– 22.000 5.000 500 50 GB Model 600 3.Barracuda Spam & Virus Firewall Models The Barracuda Spam & Virus Firewall comes in a variety of models.000 250 GB Model 1000 25.000 5. Refer to the following table for the capacity and features available on each model: Table 1.000 750 GB                                                                                   Hot Swap Hot Swap Hot Swap Hot Swap 14 Barracuda Spam & Virus Firewall Administrator’s Guide .1: Feature Active email users Domains Quarantine Storage Compatible with all mail servers Hardened and secure OS Spam blocking Virus scanning Outbound Email Filtering STARTTLS encryption support Per-user settings and quarantine MS Exchange/ LDAP Accelerator Syslog support SNMP/API Per Domain Settings Clustering Redundant Disk Array (RAID) Model 100 1–50 10 Model 200 1–500 50 Model 300 300– 1.000 100 GB Model 800 8.000 5.000– 100.000 5.

Introduction 15 .com/support and click on the Support Case Creation link. or if you are in the United States.barracuda.com • Online: visit http://www.barracuda.Table 1.com. Register and log in at http://forum. (888) Anti-Spam. or (888) 268-4772 • By email: use support@barracuda.1: Feature Per-user score settings Customizable Branding Hot Swap Redundant Power Supply Model 100 Model 200 Model 300 Model 400 Model 600 Model 800 Model 900 Model 1000         Hot Swap Hot Swap Hot Swap Contacting Technical Support To contact Barracuda Networks Technical Support: • By phone: call 1-408-342-5400. There is also a Barracuda Networks Support Forum available where users can post and answer other users’ questions.

16 Barracuda Spam & Virus Firewall Administrator’s Guide .

........... The Getting Started chapter walks through initial setup and configuration of the system to get you up and running.............Chapter 2 Barracuda Spam & Virus Firewall Concepts This chapter introduces the general topics that will help you understand what your Barracuda Spam & Virus Firewall can do and how to approach configuring the features that are important to your particular deployment and organization policies.. 21 Predictive Sender Profiling....................... 18 Connection Management Layers .............................................................. 24 Barracuda Spam & Virus Firewall Concepts 17 ........................................................................ Twelve Layers of Defense ........................................................................... 19 Mail Scanning Layers ..

Barracuda Reputation (realtime RBLs) and Recipient Verification. pros and cons. These layers have the greatest impact on filtering speed and performance relative to all the other layers such that any inappropriate incoming mail connections are dropped even before receiving the message. Quarantined or Sent. Note that using the Quarantine or Tag actions with some layers may use more system resources than Block or Allow actions. Advanced Spam Filtering Policy and chapter 6. as described below. Quarantined. 18 Barracuda Spam & Virus Firewall Administrator’s Guide . More detailed information about features that support each layer.of the connection and mail scanning features to enable and tune for the best combination of performance and accuracy of the Barracuda Spam & Virus Firewall. Inbound messages may be Blocked. while outbound messages may be Blocked. Tagged or Allowed. The Barracuda Spam & Virus Firewall takes a configured action when it identifies a message as spam or otherwise in violation of configured Block and Accept policies. Advanced Configuration. Maximizing Efficiency and Performance of Spam Scanning Using Rate Control.if not all. as well as Barracuda Networks’ recommendations are addressed in chapter 5. can maximize filtering performance of the Barracuda Spam & Virus Firewall for inbound mail.Twelve Layers of Defense Understanding each of the 12 layers of defense prepares you to make decisions about which .

the Barracuda Spam & Virus Firewall performs analysis on the IP address of inbound mail based on the following: • Barracuda Reputation . For the average small or medium business. both reducing processing requirements and eliminating the chances of false positives. The Connection Management layers generally require less processing time than the seven content scanning layers that follow. Likewise. administrators can define a list of bad email senders for blocking. may observe block rates at the Connection Management layers exceeding 99 percent of total email volume. more than half of the total email volume can be blocked using Connection Management techniques. By listing trusted mail servers by IP address. Extremely large Internet Service Providers (ISPs) or even small Web hosts.this feature leverages data on network addresses and domain names collected from spam traps and throughout other systems on the Internet. IP addresses of incoming connections are compared to the Barracuda Reputation Blocklist and the Barracuda Reputation Whitelist. To protect the email infrastructure from these flood-based attacks. In some cases. and suspicious incoming messages are either blocked. while under attack. This layer does not apply to outbound mail. tagged or quarantined. Denial of Service Protection Built on a hardened and secure Linux operating system. Rate Control Automated spam software can be used to send large amounts of email to a single mail server. insulating your organization’s mail server from receiving direct Internet connections and associated threats. The sending histories associated with the IP addresses of all sending mail servers are analyzed to determine the likelihood of legitimate messages arriving from those addresses. the Barracuda Spam & Virus Firewall receives inbound email on behalf of the organization. Several organizations maintain external blocklists of known spammers. External blocklists . administrators can avoid spam scanning of good email. IP Analysis After applying rate controls based on IP address. the Barracuda Spam & Virus Firewall counts the number of incoming connections from a particular IP address (inbound mail) or sender email address (outbound mail) during a 30 minute interval and throttles the connections once a particular threshold is exceeded.Also known as real-time blocklists (RBLs) or DNS blocklists (DNSBLs). page 52.Connection Management Layers These layers provide the most value in your Barracuda Spam & Virus Firewall deployment for inbound mail as they identify and block unwanted email messages before accepting the message body for further processing. administrators may choose to utilize the IP blocklists to restrict specific mail servers as a matter of policy rather than as a matter of spam protection. See Rate Control. if enabled. for more on configuring this feature. Allowed and blocked IP address lists: Customer-defined policy for allowed and blocked IP addresses. • • Barracuda Spam & Virus Firewall Concepts 19 .

When receiving a message from a domain. allowing the sending domain to assert responsibility for a message. Recipient Verification The Barracuda Spam & Virus Firewall verifies the validity of recipient email addresses for inbound messages (not outbound) through multiple techniques to prevent invalid bounce messages. page 73 chapter for details on configuring this layer. SMTP recipient verification and using a local database for recipient verification. The Barracuda Spam & Virus Firewall Sender Authentication layer uses a number of techniques on inbound mail to both validate the sender of an email message and apply policy. page 73 chapter to learn about LDAP integration. the recipient can check the signature of the message to verify that the message is. See the Advanced Configuration. See the Advanced Configuration. Sender Policy Framework (SPF) tracks sender authentication by having domains publish reverse MX records to display which machines are designated as mail sending machines for that domain. DomainKeys (DKIM) dictates that a sending domain cryptographically signs outgoing messages. The recipient can check those records to make sure mail is coming from a designated sending machine. performing a DNS lookup of domain names and enforcing RFC 821 compliance. indeed. 20 Barracuda Spam & Virus Firewall Administrator’s Guide . from the sending domain and that the message has not been tampered with.Sender Authentication Declaring an invalid “from” address is a common practice by spammers. including domain name spoof protection.

Mail Scanning Layers Virus Scanning The most basic level of Mail Scanning is virus scanning. See Internal Virus Scanning For Your Microsoft Exchange Mail Server on page 40 for details about getting and installing the add-in from the Barracuda Spam & Virus Firewall Web interface. and other malware attacks as they emerge. This feature provides fingerprint analysis. • Virus Scanning takes precedence over all other Mail Scanning techniques and is applied even when mail passes through the Connection Management layers. When BRTS is enabled. an image) across many instances of spam. BRTS allows customers the ability to report virus and spam propagation activity at an early stage to Barracuda Central. As such. Fingerprint Analysis A message “fingerprint” is based on commonly used message components (e. any new virus or spam outbreak can be stopped in realtime for industry-leading response times to email-borne threats. message headers. The Barracuda Exchange Anti-Virus Add-in for the Microsoft Exchange Server can empower your mail server to do virus scanning of internal mail and of previously stored mail using constantly updated virus signatures detected by Barracuda Central. our advanced 24/7 security operations center that works to continuously monitor and block the latest Internet threats. By utilizing virus definitions.. gathered and maintained by Barracuda Central. a set of advanced technologies that enables each Barracuda Spam & Virus Firewall to immediately block the latest virus. spyware. perhaps for compliance or governance reasons. Both inbound and outbound email messages are subject to Fingerprint Analysis Barracuda Spam & Virus Firewall Concepts 21 . Proprietary virus definitions. message bodies and attachment file type. Engineers at Barracuda Central work around the clock to identify new spam fingerprints which are then updated on all Barracuda Spam & Virus Firewalls through hourly Barracuda Energize Updates. virus protection and intent analysis. sender email addresses or recipients are still scanned for viruses and blocked if a virus is detected. sender domains. Administrators can set custom content filters for inbound and/or outbound mail based on the subject. even email coming from “whitelisted” IP addresses. The three layers of virus scanning of inbound and outbound mail include: • • Powerful open source virus definitions from the open source community help monitor and block the latest virus threats. The Barracuda Spam & Virus Firewall utilizes three layers of virus scanning and automatically decompresses archives for comprehensive protection. Fingerprint analysis is often a useful mechanism for blocking future instances of spam once an early outbreak is identified. which take precedence over spam blocking rules delivered to the system automatically through Barracuda Energize Updates. User-specified rules (custom policy) Administrators can choose to define their own policies. Barracuda Real-Time Protection (BRTS).g. Barracuda Spam & Virus Firewall customers receive the best and most comprehensive virus and malware protection available.

To mitigate attempts by spammers to foil OCR through speckling.The Barracuda Spam & Virus Firewall contains specialized algorithms for analyzing animated GIFs for suspect content. To determine the likelihood that a new email message is spam. Spam Scoring Once an inbound or outbound message has passed the initial Barracuda Spam & Virus Firewall block/accept filters. These techniques include: • • Optical character recognition (OCR). Web links and phone numbers embedded in email messages to determine whether they are associated with legitimate entities. • Bayesian Analysis Bayesian Analysis applies only to inbound mail and is a linguistic algorithm that profiles language used in both spam messages and legitimate email for any particular user or organization. including real-time and multi-level intent analysis. the Barracuda Spam & Virus Firewall also uses Image Analysis techniques on both inbound and outbound mail which protect against new image variants. The Barracuda Spam & Virus Firewall only uses Bayesian Analysis after administrators or users profile a corpus of at least 200 legitimate (not spam) messages and 200 spam messages.Enables the Barracuda Spam & Virus Firewall to analyze the text rendered inside embedded images. This score ranges from 0 (definitely not spam) to 9 or greater (definitely spam). Based on this score. Intent analysis involves researching email addresses. Image Analysis While Fingerprint Analysis captures a significant percentage of images after they have been seen. the Barracuda Spam & Virus Firewall also utilizes a number of lightweight image processing technologies to normalize the images prior to the OCR phase. The Barracuda Spam & Virus Firewall applies various forms of Intent Analysis to both inbound and outbound mail. Image processing . Intent Analysis is the defense layer that catches phishing attacks. Animated GIF analysis .Intent Analysis All spam messages have an “intent” – to get a user to reply to an email. it receives a score for its spam probability. shading or color manipulation. More heavyweight image processing algorithms are utilized at Barracuda Central to quickly generate fingerprints that can be used by the Barracuda Spam & Virus Firewall to block messages. to visit a Web site or to call a phone number. Bayesian Analysis does not apply to outbound mail. the Barracuda Spam & Virus Firewall can take one of the following actions: • • • • • Block Quarantine Tag (inbound mail only) Allow (inbound mail only) Send (outbound mail only) 22 Barracuda Spam & Virus Firewall Administrator’s Guide . Frequently. Bayesian Analysis compares the words and phrases used in the new email against the corpus of previously identified email.

when the user logs into their account. quarantine and block scoring levels for that account. The administrator or the Domain admin role can set the spam scoring levels on the BASIC > Spam Checking page. Barracuda Spam & Virus Firewall Concepts 23 . If per-user spam scoring is enabled. Per-User Spam Scoring: The Barracuda Spam & Virus Firewall 600 and higher allows the administrator to enable users to set their own spam score levels for inbound mail if per-user quarantine is enabled. they will see the PREFERENCES > Spam Settings page from which they can set tag.Domain Level Spam Scoring: The Barracuda Spam & Virus Firewall 400 and higher allows for setting spam score levels for inbound mail at the domain level.

which blocks email with "From" addresses which use an allowed recipient domain on the Barracuda Spam & Virus Firewall. Rate Control is configured from the BLOCK/ACCEPT > Rate Control page. Realtime Intent Analysis on the Barracuda Spam & Virus Firewall is typically used for new domain names and involves performing DNS lookups and comparing DNS configuration of new domains against the DNS configurations of known spammer domains. which may ultimately trigger a Rate Control deferral. include the following: • Sending too many emails from a single network address Automated spam software can be used to send large amounts of email from a single mail server.Predictive Sender Profiling When spammers try to hide their identities. For this and other SMTP security settings. This involves looking beyond the reputation of the apparent sender of a message. many spammers switch domain names used in a campaign and send blast emails on the first day of domain registration. The sender is required to make a new connection to continue sending messages. If the number of messages in one session exceeds this threshold. Using LDAP lookup or a local database to verify valid recipients as well as Sender Spoof Protection. just like a bank needs to look beyond the reputation of a valid credit card holder of a card that is lost or stolen and used for fraud. Registering new domains for spam campaigns Because registering new domain names is fast and inexpensive. The Rate Control feature on the Barracuda Spam & Virus Firewall can be set to limit the number of connections made from any IP address within a 30 minute time period. a behavior indicative of directory harvest or dictionary attacks. Some examples of spammer behavior that attempts to hide behind a valid domain. protects against receiving mail targeted to invalid recipients. the rest of the messages are temporarily blocked and are displayed in the message log as being "Deferred" with "Per-Connection Message Limit Exceeded" as the reason for the postponement. and the Barracuda Spam & Virus Firewall features that address them. With Multilevel Intent Analysis. Using free Internet services to redirect to known spam domains Use of free Web sites to redirect to known spammer Web sites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. see the ADVANCED > Email Protocol page. The Messages Per SMTP Session setting limits the number of messages allowed in one SMTP session. • • 24 Barracuda Spam & Virus Firewall Administrator’s Guide . the Barracuda Spam & Virus Firewall inspects the results of Web queries to URIs of well-known free Web sites for redirections to known spammer sites. Recipient Verification on the Barracuda Spam & Virus Firewall enables the system to automatically reject SMTP connection attempts from email senders that attempt to send to too many invalid recipients. • Attempting to send to too many invalid recipients Many spammers attack email infrastructures by harvesting email addresses. the Barracuda Spam & Virus Firewall can use Predictive Sender Profiling to identify behaviors of all senders and apply the applicable Barracuda Spam & Virus Firewall defense tactic to reject connections and/or messages from spammers. Violations are logged to identify spammers.

.................................................................... Initial Setup .......................................Chapter 3 Getting Started This chapter will guide you in installing the Barracuda Spam & Virus Firewall and beginning to scan and monitor email traffic............................................... 34 Administrative Settings and the Web Interface ................................ 26 Initial Configuration of the System.................................. 36 Tune and Monitor the Default Spam and Virus Settings ....................... 38 Viewing Performance and Email Statistics................. 31 Route Incoming Email to the Barracuda Spam & Virus Firewall......... 42 Getting Started 25 ................................ 41 Setting up Quarantine..........

Once you have installed your Barracuda Spam & Virus Firewall Vx and configured your firewall. Configuration is the same for virtual and hardware appliances.barracudacentral. Most likely you will want to use the 'bridged' networking setup on VMWare. If any item is missing or damaged. virtual appliances can be easily scaled for performance and capacity and also lend themselves to quicker backup and disaster recovery.com. 800. Checklist for Unpacking Before installing your Barracuda Spam & Virus Firewall. The Barracuda Spam & Virus Firewall Vx virtual appliance easily integrates with existing virtual environments such as VMware.Also make sure your DNS servers can resolve updates. you can test the configuration using the ADVANCED > Troubleshooting page in the Web interface to ping updates. simplify deployments and reduce their environmental footprint. match the items on this list with the items in the box. skip the following section.com Best Practices for Configuring Your Hypervisor Barracuda Networks recommends the following for best configuration of your VM client running the Barracuda Spam & Virus Firewall Vx: • Allocate 1 GB of RAM for the virtual appliance per CPU allocated. Important: When deploying the Barracuda Spam & Virus Firewall Vx. and 900 only) Also required for installation: • • • VGA monitor PS2 keyboard Ethernet cables 26 Barracuda Spam & Virus Firewall Administrator’s Guide . • You will need only a single virtual NIC on your virtual appliance.com. As the organization grows. • • • Barracuda Spam & Virus Firewall (check that you have received the correct model) AC power cord Mounting rails (Barracuda Spam & Virus Firewall 600. you will need to configure your network firewall to allow ICMP traffic to outside servers as well as opening port 443 to updates.barracudacentral.Initial Setup For hardware appliance deployment. Virtual Machine Deployment Barracuda Networks offers a virtual appliance version of the Barracuda Spam & Virus Firewall to provide organizations a way to save money. please contact your Barracuda Networks Sales representative.barracudacentral.

Installation Examples
Barracuda Spam & Virus Firewall Behind Corporate Firewall
The figure below shows the Barracuda Spam & Virus Firewall behind your corporate firewall. In this example, the Mail Server has an IP address of 10.10.10.2 and the Barracuda Spam & Virus Firewall has an IP address of 10.10.10.3.

Figure 3.1: The Barracuda Spam & Virus Firewall behind the corporate firewall

In this type of setup, perform the following tasks: • • Forward (port redirection) incoming SMTP traffic on port 25 to the Barracuda Spam & Virus Firewall at 10.10.10.3. Configure the Barracuda Spam & Virus Firewall to forward filtered messages to the destination mail server at 10.10.10.2.

There is no need to modify any MX records for this type of setup.

Barracuda Spam & Virus Firewall in the DMZ
The figure below shows the Barracuda Spam & Virus Firewall in front of your corporate firewall in the DMZ. In this example, the Mail Server has an IP address of 64.5.5.6 and the Barracuda Spam & Virus Firewall has an internal IP address of 64.5.5.5.

Getting Started 27

Figure 3.2: The Barracuda Spam & Virus Firewall in the DMZ

In this type of setup, perform the following tasks: • • Assign an available external IP address to the Barracuda Spam & Virus Firewall. Change the MX (Mail Exchange) records on the DNS (Domain Name Server) to direct traffic to the Barracuda Spam & Virus Firewall. Create an A record and an MX record on your DNS for the Barracuda Spam & Virus Firewall. The following example shows a DNS entry for a Barracuda Spam & Virus Firewall with a name of barracuda and an IP address of 64.5.5.5.
barracuda.yourdomain.com IN A 64.5.5.5

The following example shows the associated MX record with a priority number of 10:
IN MX 10 barracuda.yourdomain.com

Clustering the Barracuda Spam & Virus Firewall
Clustering two or more Barracuda Spam & Virus Firewalls makes sense if your organization requires high availability, scalability, data redundancy and/or fault tolerance. Clustering also provides centralized management of policy because once you configure one of the devices, configuration settings are synchronized across the cluster almost immediately. Clustered systems can be geographically dispersed and do not need to be located on the same network. For more information about setting up a cluster of Barracuda Spam & Virus Firewalls, see Clustering the Barracuda Spam & Virus Firewall, page 77.

28

Barracuda Spam & Virus Firewall Administrator’s Guide

Install the Barracuda Spam & Virus Firewall
To physically install the Barracuda Spam & Virus Firewall:
1.

Fasten the Barracuda Spam & Virus Firewall to a standard 19-inch rack or other stable location.

Warning

Do not block the cooling vents located on the front and rear of the unit.

2.

Connect a CAT5 Ethernet cable from your network switch to the Ethernet port on the back of your Barracuda Spam & Virus Firewall. The Barracuda Spam & Virus Firewall supports both 10BaseT and 100BaseT Ethernet. Barracuda Networks recommends using a 100BaseT connection for best performance.

Note

The Barracuda Spam & Virus Firewall 600 and higher supports Gigabit Ethernet and has two usable LAN ports. On these models, plug the Ethernet cable into the LAN 2 port.

Do not connect any other cables to the other connectors on the unit. These connectors are for diagnostic purposes.
3.

Connect the following to your Barracuda Spam & Virus Firewall: • Power cord • VGA monitor • PS2 keyboard After you connect the AC power cord the Barracuda Spam & Virus Firewall may power on for a few seconds and then power off. This is standard behavior.

4.

Press the Power button located on the front of the unit The login prompt for the administrative console is displayed on the monitor, and the light on the front of the system turns on. For a description of each indicator light, refer to Front Panel Indicator Lights, page 115.

APC UPS Support
An APC (American Power Conversion) UPS (Uninterruptible Power Supply) device with a USB interface is supported with the Barracuda Spam & Virus Firewall. No configuration changes are needed on the Barracuda Spam & Virus Firewall to use one. When the APC UPS device is on battery power, the Web interface will display an alert, and the Barracuda Spam & Virus Firewall will shut down safely when there is an estimated time of 3 minutes of battery power remaining.

Getting Started 29

200. 30 Barracuda Spam & Virus Firewall Administrator’s Guide . Holding the Reset button for 12 seconds changes the IP address to 10.Configure IP Address and Network Settings The Barracuda Spam & Virus Firewall is given a default IP address of 192. 4. and select OK when finished. Applies only to the Barracuda Spam & Virus Firewall 200. Enter the new IP address.200.168. Configure your Corporate Firewall If your Barracuda Spam & Virus Firewall is located behind a corporate firewall. Select No when prompted if you want to change the IP configuration. Holding the Reset button for 8 seconds changes the IP address to 192. To connect directly to the Barracuda Spam & Virus Firewall to set a new IP address: 1.3: Configuring the IP address of the Barracuda Spam & Virus Firewall 2.200.1. 400. select Yes to change the IP configuration. Using the Tab key. Figure 3.168. the new IP address and network settings will be applied to the Barracuda Spam & Virus Firewall.200. you need to open specific ports to allow communication between the Barracuda Spam & Virus Firewall and remote servers.1. 300. At the barracuda login prompt enter admin for the login and admin for the password. 3.200. Holding the Reset button for 5 seconds changes the IP address to 192. The User Confirmation Requested window will display the current IP configuration of the system. and default gateway for your Barracuda Spam & Virus Firewall. netmask. You can change this address by doing either of the following: • • Connect directly to the Barracuda Spam & Virus Firewall with a keyboard and monitor and specify a new IP address through the console interface.168. and 600: Push and hold the Reset button on the front panel. Upon exiting the screen.1.200.

Consult your firewall documentation or your corporate firewall administrator to make the necessary changes. To configure the Barracuda Spam & Virus Firewall: 1. Table 3.200. Direction Out In/Out Out Out Out Protocol TCP TCP TCP/UDP TCP UDP Used for. and default gateway of your Barracuda Spam & Virus Firewall. change the NAT routing of your corporate firewall to route incoming email to the Barracuda Spam & Virus Firewall. Remote diagnostics and technical support services (recommended) SMTP Domain Name Server (DNS) Virus. enter the IP address of the Barracuda Spam & Virus Firewall followed by port 8000. From a Web browser.2: Fields TCP/IP Configuration Description The IP address.. enter the required information in the fields as described in the following table: 2.168. This is usually port 25. Getting Started 31 . 3.200:8000 Log in to the Web interface by entering admin for the username and admin for the password. security and spam rule definitions NTP (Network Time Protocol) If appropriate.1: Port 22 25 53 80 123 2. subnet mask. The TCP port is the port on which the Barracuda Spam & Virus Firewall receives incoming email. Example: http://192. Initial Configuration of the System After specifying the IP address of the system and opening the necessary ports on your firewall. Using the following table as a reference. firmware.To configure your corporate firewall: 1. Open the specified ports on your corporate firewall: Table 3. and the appropriate routing is in place to allow connection to the Barracuda Spam & Virus Firewall’s IP address from a Web browser. you need to configure the Barracuda Spam & Virus Firewall from the Web interface.. Make sure the computer from which you configure the Barracuda Spam & Virus Firewall is connected to the same network. On the BASIC > IP Configuration page.

The Barracuda Spam & Virus Firewall rejects all incoming messages addressed to domains not in this list. Default Domain is a required field and indicates the domain name to be used in the reply address for email messages (non-delivery receipts. This is the mail server that receives email after it has been checked for spam and viruses. Make sure this list is complete. and continue to receive the latest updates to all virus. Click Save Changes. virus alert notifications. DNS Configuration The primary and secondary DNS servers you use on your network.yourdomain. It is strongly recommended that you specify a primary and secondary DNS server. Note: One Barracuda Spam & Virus Firewall can support multiple domains and mail servers. etc. Domain Configuration Default hostname is the hostname to be used in the reply address for email messages (non-delivery receipts. The hostname is appended to the default domain.Table 3. page 92.2: Fields Destination Mail Server TCP/IP Configuration Description The hostname or IP address of your destination mail server. virus alert notifications. TCP port is the port on which the destination mail server receives all SMTP traffic such as inbound email. 5. etc. Accepted Email Recipients Domains The domains managed by the Barracuda Spam & Virus Firewall. If you need to set up more than one domain or mail server.) sent from the Barracuda Spam & Virus Firewall. for example mail.com. If you changed the IP address of your Barracuda Spam & Virus Firewall. policy. If you have multiple mail servers. and spam definitions from Barracuda Central. you may see the following warning 32 Barracuda Spam & Virus Firewall Administrator’s Guide . This is usually port 25.) sent from the Barracuda Spam & Virus Firewall. you are disconnected from the Web interface and will need to log in again using the new IP address. You should specify your mail server’s hostname rather than its IP address so that the destination mail server can be moved and DNS updated at any time without any changes needed to the Barracuda Spam & Virus Firewall. At the top of every page. your Energize Updates subscription must be activated for the Barracuda Spam & Virus Firewall to be fully enabled. Certain features of the Barracuda Spam & Virus Firewall rely on DNS availability. 4. The Energize Updates service is responsible for downloading these updates to your Barracuda Spam & Virus Firewall. refer to Creating and Managing Domains. go to the DOMAINS tab and enter the mail server associated with each domain. Activate Your Subscriptions After installation.

click Refresh in the Subscription Status section. You can view the download status by clicking the Refresh button next to the firmware download progress. Instant Replacement Service (if purchased) and Premium Support (if purchased). Note ALWAYS read the release notes prior to downloading a new firmware version. If the installed version does not match the Latest General Release: read the release notes to learn about the latest features and fixes provided in the new firmware version. In the Subscription Status section. It is important to not power-cycle the unit during the download. On the Product Activation page. Note The “apply” process takes several minutes to complete. Click Apply Now to activate the newly-downloaded firmware. Click on the designated link to open up the Product Activation page in a new browser window. Updating the firmware may take several minutes. 2. fill in the required fields and click Activate. Do not turn off the unit during this process.6. Return to the Barracuda Spam & Virus Firewall Web interface and navigate to the BASIC > Status page. This is normal and expected behavior. There may be a slight delay of a few minutes for the display to reflect your updated subscription status. 3. it is always recommended that you read the release notes. so there is no need to perform a manual Getting Started 33 . You can access the release notes from the Advanced > Firmware Update. verify that the word Current appears next to Energize Updates. 9. 7. Note If your subscription status does not change to Activated within an hour. If the status is still showing as unactivated. 8. This process will automatically reboot your system when completed. A “Firmware downloaded” message displays once the download is complete. Release notes provide you with information on the latest features and fixes provided in the updated firmware version. and the Refresh button will turn into Apply Now. To upgrade the firmware on the Barracuda Spam & Virus Firewall: 1. A confirmation page opens to display the terms of your subscription. The Download Now button next to the Latest General Release is disabled if the Barracuda Spam & Virus Firewall is already up-to-date with the latest firmware. or if you have trouble filling out the Product Activation page. Verify that the installed version matches the Latest General Release. Inbound and outbound traffic for mail resumes automatically when the update process is complete. Go to the ADVANCED > Firmware Update page. and click Download Now to begin the download. which can cause your Web interface to disconnect momentarily. Update the Barracuda Spam & Virus Firewall Firmware Prior to upgrading the firmware on your Barracuda Spam & Virus Firewall. contact your Barracuda Networks sales representative.

reboot. A Status page displays the progress of the reboot. Once the reboot is complete, the login page will reappear.

Update Definitions
To apply the newest definitions provided by Energize Updates:
1. 2.

Select ADVANCED > Energize Updates. Select On for Automatically Update. The recommended setting is On for all available definitions. If you are using the Barracuda Exchange Anti-Virus Add-in, you must set Automatically Update to On for Virus Update Definitions. See Internal Virus Scanning For Your Microsoft Exchange Mail Server, page 40, for more information about this add-in. Check to see if the current version is the same as the latest general release. If the rules are up-todate, proceed to the next section. If the rules are not up-to-date, continue to the next step. Click Update to download and install the latest available definitions onto the Barracuda Spam & Virus Firewall.

3. 4.

Routing Email
Route Incoming Email to the Barracuda Spam & Virus Firewall
The next step in setting up your Barracuda Spam & Virus Firewall is to route incoming email to the system so it can scan incoming messages for spam and viruses. You can use either of the following methods to route messages to your Barracuda Spam & Virus Firewall: • Use Port forwarding to redirect incoming SMTP traffic (port 25) to the Barracuda Spam & Virus Firewall if it is installed behind a corporate firewall running NAT (Network Address Translation). Configure this option on the ADVANCED > Advanced Networking page. For more information about port forwarding, refer to your firewall documentation or network administrator. MX records are used when your Barracuda Spam & Virus Firewall is located in a DMZ with a routable public IP address. If your Barracuda Spam & Virus Firewall is in the DMZ (not protected by your corporate firewall), do the following to route incoming messages to the system: 1. Create a DNS entry for your Barracuda Spam & Virus Firewall. The following example shows a DNS entry for a Barracuda Spam & Virus Firewall with a name of barracuda and an IP address of 66.233.233.88:
barracuda.yourdomain.com IN A 66.233.233.88

2. Change your DNS MX Records. The following example shows the associated MX record with a priority number of 10:
IN MX 10 barracuda.yourdomain.com

You can configure specific SMTP settings from the ADVANCED > Email Protocol page. After you route incoming email to the Barracuda Spam & Virus Firewall, it will begin filtering all email it receives and routing good email to your mail server.

34

Barracuda Spam & Virus Firewall Administrator’s Guide

Testing Spam and Virus Scanning With a Local User Set
From the ADVANCED > Explicit Users page, you have the option to use the Explicit Users to Scan For feature to test a subset of locally defined users before fully deploying the Barracuda Spam & Virus Firewall.

Configure Scanning of Outgoing Mail
The Barracuda Spam & Virus Firewall may be configured to scan outgoing mail simultaneously with scanning inbound mail. Virus Scanning and Rate Control are applied to outbound mail as well as the following filters, if specifically enabled, which are configurable from the BASIC > Spam Checking and BLOCK/ACCEPT pages: • • • • • • • • • • Spam Scoring, with Block or Quarantine actions IP Address Filtering Sender Domain Filtering Sender Email Address Filtering Recipient Filtering Content Filtering (Subject, Header and Body) Attachment Filtering Fingerprint Analysis Image Analysis Intent Analysis

The following scanning tools are not applied to outbound mail: • • • • • • IP Reputation, a sender authentication mechanism SPF (Sender Policy Framework), a sender authentication mechanism DKIM (DomainKeys), an email authentication system designed to verify the DNS domain of an email sender Regional Settings, the application of special spam analysis rules for particular languages Per-user Whitelist/Blocklist Per-domain Whitelist/Blocklist

To scan outgoing mail with the Barracuda Spam & Virus Firewall, you must configure outbound operation on the BASIC > Outbound page. There you’ll specify your trusted outbound mail server IP address or domain name (either your mail server or another trusted relay), identify a Smart host if you have one, and, optionally, an authentication type. The Barracuda Spam & Virus Firewall supports SMTP/SASL authentication and LDAP.
Note

When configuring outbound mail, ensure that your network firewall blocks all port 25 traffic that doesn't originate from your Barracuda Spam & Virus Firewall.

If you are relaying though a Smart host, you must also configure the Smart host to send to the Internet. Be aware that configuring the Barracuda Spam & Virus Firewall to scan outbound as well as inbound mail will increase the load on the system. You may find that you need to upgrade your Barracuda Spam & Virus Firewall to another model.

Getting Started 35

Outbound Message Footer - Global or Domain-level
The Barracuda Spam & Virus Firewall can append a custom text and/or html footer to each outbound message, configurable at either the global level on the ADVANCED > Outbound Footers page, or at the per-domain level. You can also opt to exclude certain email senders from having the outbound footer appended to their outgoing messages. To enable or disable an outbound message footer for a specific domain, effectively overriding the global setting, navigate to the DOMAINS page, click Manage for the domain and navigate to the ADVANCED > Outbound Footers page.

Administrative Settings and the Web Interface
Global Versus Domain Level Administration
The Barracuda Spam & Virus Firewall 400 and higher provides for global-level settings for most features as well as for domain-level, or “per-domain” settings, some of which can optionally override global settings. Some settings, such as user authentication mechanisms, are domain-level specific. The Web interface enables “drilling down” from the global scope, as shown in Figure 3.4, to the domain scope. The domain scope provides for reporting and configuring quarantine, spam scoring, content and attachment filtering options and user authentication settings on a per-domain basis.

Figure 3.4: Drilling down to domain scope from global scope

Domain Level Configuration
Per-domain settings are useful in cases where different domains protected by the Barracuda Spam & Virus Firewall belong to various organizations, each with their own set of email security requirements or users with different levels of knowledge or permissions. For example, a medical organization may want to whitelist domains that send pharmaceutical related messages, while another organization would consider such email to be spam. Some organizations will want to configure per-user quarantine, giving their users control of their own whitelist/blocklist settings and spam scoring, while others may not want their users to have to manage a separate mailbox for quarantined messages. Per-domain settings are administered in the “domain scope” level of the Web interface, accessible from the DOMAINS tab as shown above in Figure 3.4.

36

Barracuda Spam & Virus Firewall Administrator’s Guide

User accounts can be managed either from the global level USERS > Account view page or at the domain level from the DOMAINS > Manage Domain > USERS > Account view page. Setting the Time Zone of the System You can set the time zone of your Barracuda Spam & Virus Firewall from the BASIC > Administration page. • • • • Customizing the Appearance of the Web interface The ADVANCED > Appearance page allows you to customize the default images used on the Web interface. User accounts under each domain can be configured with custom whitelist/blocklist. The default server is ntp. See Role-based Administration. This is configurable in the Administrator IP/Range section. Supported languages include Chinese. Change the HTTP port used to access the Web interface.see Securing Network Access. All other systems will be denied access. NTP requires port 123 to be opened for outbound UDP traffic. see Domain Level Settings. When the Barracuda Spam & Virus Firewall resides behind a firewall. spam scoring levels and quarantine inbox settings. This tab is only displayed on the Barracuda Spam & Virus Firewall 600 and higher. French. For security. It is important that the time zone is set correctly because this information is used in all logs and reports. page 46 Change the length of time users can be logged into the Web interface after a period of no activity (Session Expiration Length . if working at the domain level. Links in the upper right section of the page always indicate the name of the logged in account and. No other user’s Web interface is affected. Getting Started 37 . the name of the domain currently being managed. Each server will be tried in order until one successfully connects. and others.barracudacentral. Specify the IP addresses and netmask of the systems that can access the Web interface. Changing the Language of the Web Interface You can change the language of the Web interface by selecting a language from the drop-down menu in the upper right corner of the page near the Log Off link.com. You can specify one or more NTP servers to use on the ADVANCED > Advanced Networking page. Spanish. Change the password of the administration account.For details about configuring domain-level settings. Controlling Access to the Web Interface The BASIC > Administration page allows you to perform the following tasks for initial setup: • Required: Provide email addresses in the Email Notifications section of the page so the Barracuda Spam & Virus Firewall and Barracuda Networks can send out important alerts and informative notifications if needed. HTTPS access is recommended . Note: The Barracuda Spam & Virus Firewall automatically reboots when you change the timezone. The language you select is only applied to your individual Web interface. The current time on the system is automatically updated via Network Time Protocol (NTP). page 92. Japanese.default is 20 minutes). page 96 for more information and illustrations of scope and Web interface navigation.

see Securing the Barracuda Spam & Virus Firewall. The certificate will be in effect as soon as the upload is complete. Enter your desired Web Interface HTTPS/SSL port for the Web interface. The default is 443. page 45. No additional configuration is required to use these certificates. To enforce SSL-only access (recommended): 1.Enabling SSL for Administrators and Users SSL (Secure Socket Layer) ensures that your passwords are encrypted and that all data transmitted to and received from the Web interface is encrypted as well. Trusted (signed by a trusted CA) certificates are issued by trusted Certificate Authorities (CA). Select Yes to Use HTTPS links in emails for per-user quarantine messages sent from the Barracuda Spam & Virus Firewall. Private (self-signed) certificates provide strong encryption without the cost of purchasing a certificate from a trusted Certificate Authority (CA). you must upload both items to the Barracuda Spam & Virus Firewall from this section of the page. and are provided free of charge as the default type of certificate. Click Save Changes. • • Tune and Monitor the Default Spam and Virus Settings After you install the Barracuda Spam & Virus Firewall. All Barracuda Spam & Virus Firewalls support SSL access without any additional configuration. select Yes to enable HTTPS/SSL access only to the Web interface. On the ADVANCED > Secure Administration page. There is no need to explicitly configure SSL for traffic between the Barracuda Spam & Virus Firewall and your mail servers. This can be downloaded after providing the information requested in the Trusted (Signed by a trusted CA) section of the page. you must first create and upload it to the Barracuda Spam & Virus Firewall before changing the Certificate Type in the SSL Certificate Configuration section of the ADVANCED > Secure Administration page. The system automatically checks incoming email for viruses and uses the Barracuda Reputation service to identify spam. and must be purchased from them separately with a Certificate Signing Request (CSR). these may generate some benign warnings which can be safely ignored. 38 Barracuda Spam & Virus Firewall Administrator’s Guide . Note The SSL configuration referred to here is related only to the Web interface. some sites may wish to enforce using a secured connection to access the Web interface. On some browsers. 4. Setting this to No will still allow the Barracuda Spam & Virus Firewall to accept non-SSL connections. 3. to allow it to verify the authenticity of the certificate and prevent any warnings that may come up when accessing the Web interface. For more information about and best practices for securing your Barracuda Spam & Virus Firewall on your network. However. The Barracuda Spam & Virus Firewall supports the following types of certificates: • Default (Barracuda Networks) certificates are signed by Barracuda Networks. See the online help for instructions. 2. or prefer to use their own trusted certificates. These certificates are created by providing the information requested in the Private (self-signed) section of the page. You may also want to download the Private Root Certificate and import it into your browser. the system begins filtering incoming email based on the default settings. Once you have received the certificate and key from the CA. If you wish to change the certificate that is used.

Spam Scoring . The following table describes the spam scoring settings on the BASIC > Spam Checking page. but this feature can be enabled. the administrator can view the BASIC > Message Log page to get an idea of how many messages are being blocked. the Barracuda Spam & Virus Firewall does NOT send an NDR (non-delivery receipt) bounce message to the sender. Once you have more experience with the Barracuda Spam & Virus Firewall you can adjust how aggressively the system deals with spam. this setting must have a value lower than the block threshold. quarantines. For information on specifying the quarantine mailbox. on the Barracuda Spam & Virus Firewall 600 and higher. in the Spam Bounce (NDR) Configuration section of the ADVANCED > Bounce/NDR Settings page. but below the block threshold. quarantined. from the DOMAINS tab. with reasons for each of those actions. Monitor and Classify Incoming Emails Once email is flowing through the Barracuda Spam & Virus Firewall.Block. blocks or allows (or sends. Managing Accounts and Domains.5. The default inbound message block score value is 6. Based on this score. The default setting is 10 (quarantine disabled).3: Setting Tag score (inbound only) Description Messages with a score above this threshold. on a per-user basis (inbound only). are delivered to the sender with the word [BULK] (default) added to the subject line. Managing Inbound Quarantine. Reviewing this log will give an idea of how Getting Started 39 . tagged or allowed. Quarantine score Messages with a score above this threshold. Block score Messages with a score above this threshold are not delivered to the recipient. Any message with a score below the tag threshold is automatically allowed. For more information about per-domain and per-user settings. A score setting of 10 for any action disables that action. To enable quarantine. refer to Chapter 10. 83. Quarantine and Tag As a message passes through the last of all of the defense layers. You can change the default text added to the subject line by entering new text in the Spam Tag Configuration section of the page. Table 3. it is scored for spam probability. Note On the Barracuda Spam & Virus Firewall 400 or higher you can set the spam scoring values on a per-domain basis. Initial spam scoring limits for your Barracuda Spam & Virus Firewall are shown on the BASIC > Spam Checking page and are described in Table 3. the Barracuda Spam & Virus Firewall either tags (inbound messages only). either for inbound or outbound messages. This score ranges from 0 (definitely not spam) to 10 or higher (definitely spam). For example.3. The default value is 3. p. you may decide to tag (inbound) or quarantine spam instead of blocking it. for outbound) the message. but below the quarantine threshold. p. By default. 91. are forwarded to the quarantine mailbox you specify. refer to Chapter 9.

Based on Outbound Spam Scoring Limits you specify on the BASIC > Spam Checking page. deleted. The Barracuda Exchange Anti-Virus Agent only provides data to the customer that is made available by the MS Exchange Server. The Barracuda Exchange Anti-Virus Agent runs as a Windows service on your 2003. Note that Bayesian filtering is turned off by default. Virus Checking and Notifications Virus scanning is automatically enabled on the Barracuda Spam & Virus Firewall and the system checks for definition updates on a regular basis (hourly by default). enabling your MS Exchange Server to receive constant virus signature updates from the Barracuda Spam & Virus Firewall. Use these actions to train the Bayesian database. Bayesian training works only on messages with 11 words or more. the Barracuda Spam & Virus Firewall will check unrecognized spam and virus fingerprints against the latest virus threats logged at Barracuda Central that have not yet been downloaded by the Barracuda Spam & Virus Firewall Energize Updates. domains or email accounts. you will then see Spam and Not Spam buttons on the BASIC > Message Log page in the tool bar. If you enable Bayesian filtering on the BASIC > Spam Checking page. As such. sender email addresses or recipients are scanned for viruses and blocked if a virus is detected. Any time a new virus signature is released. Use the BASIC > Virus Checking page to enable or disable virus checking. Advanced Inbound Spam Filtering Policy.current settings are filtering messages. For best Bayesian accuracy. as well as any Block/Accept filters you configure. Look for false positives and adjust spam scoring accordingly. 51 for more details on using the Message Log with Bayesian filtering. outbound messages will be quarantined or blocked as needed and listed on the BASIC > Outbound Quarantine page. it is recommended that you reset your Bayesian database every 6 months. p. sender domains. you can elect to submit that message to Barracuda Central from the BASIC > Message Log page. or rejected by an administrator. depending on how you configure settings for the add-in. the Barracuda Exchange Anti-Virus Agent will scan all internal mail traffic for that virus as well as mail previously stored on the MS Exchange Server. See the ADVANCED > Exchange Anti-Virus page for instructions on downloading and configuring the add-in for your organization’s needs. Any message listed in the outbound quarantine can be delivered. See Chapter 5. MS Exchange does not provide a quarantine tool for viewing infected 40 Barracuda Spam & Virus Firewall Administrator’s Guide . even email coming from “whitelisted” IP addresses. With Bayesian filtering enabled. If you enable Barracuda Real-Time Protection. and the page enables adding or removing message senders to or from the whitelist. Virus Scanning takes precedence over all other mail scanning techniques and is applied even when mail passes through the Connection Management layers. Monitor and Classify Outgoing Emails If you have configured the Barracuda Spam & Virus Firewall to filter outbound mail. watch the log on the BASIC > Outbound Quarantine page. Internal Virus Scanning For Your Microsoft Exchange Mail Server The Barracuda Spam & Virus Firewall offers an add-in you can download from the Web interface and install on your Microsoft Exchange Server to provide internal virus scanning within your network. if a message is not classified as spam by the Barracuda Spam & Virus Firewall. whitelisted. 2007 or 2010 MS Exchange server. and creating custom whitelists and blocklists to allow or block messages from specific IP addresses. See the online help on the BASIC > Virus Checking page for more details about this setting. but it appears to be spam.

Spam and Quarantine Notifications Separate non-delivery notifications (NDR) can be configured to alert the sender when a message is blocked or quarantined due to spam scoring or policy (content filtering). These tips are updated frequently from Barracuda Central. • • Product Tips At the top of the BASIC > Status page you’ll see the Product Tips bubble. including: • Hourly and daily email statistics that display the number of inbound and outbound messages blocked.You have the following options in managing this feature: Getting Started 41 . information on false positives or other infected message details. See Non-Delivery Reports (NDRs). Configure these notifications for inbound and outbound mail from the ADVANCED > Bounce/NDR Settings page. These values will fluctuate based on the amount of traffic that is being handled. To view performance of virus scanning on your MS Exchange server. tagged (inbound messages only). Performance statistics. encrypted (outbound only). and with a link to the release notes for the latest firmware update. please contact Contacting Technical Support. including CPU temperature and system load. sent (outbound messages only). quarantined. new programs and features from Barracuda Networks specific to your product. Attachment Block Notifications You can enable or disable notification emails to senders of messages that are blocked due to file attachment content filters. see the MS Windows Event Log. The subscription status of Energize Updates. For infected filename information. From this page you can also enter custom message text to insert in the notifications. you must set Automatically Update to On for Virus Update Definitions on the Advanced > Energize Updates page. for more information. Performance statistics displayed in red signify that the value exceeds the normal threshold. but if any setting remains consistently in the red for a long period of time. This space is populated with usage tips. All threat statistics provided to the add-in by MS Exchange are listed in the Exchange Anti-Virus Add-in Statistics section on the ADVANCED > Exchange Anti-Virus page in the web interface. use the MS Windows Performance Monitor or other 3rd party tool. Note If you are using the Barracuda Exchange Anti-Virus Agent. redirected (outbound messages only). Viewing Performance and Email Statistics The BASIC > Status page provides an overview of the health and performance of your Barracuda Spam & Virus Firewall. rate controlled and allowed (inbound only) for the last 24 hours and 28 days. page 81. Attachment content filters are configured in the Attachment Content Filters section of the BLOCK/ACCEPT > Content Filters page. page 15.messages.

set Show Product Tips in the Product Tips section of the BASIC > Administration page to No. consider that mydomain. the user doesn’t need an additional inbox for storing quarantined messages because the potential spam message is delivered to their regular inbox with a special word or phrase prepended to the Subject line to indicate that it has been tagged as potential spam. The message will show as Blocked with a reason of ‘invalid domain’ in the Message Log and will be included in the outbound mail Blocked statistics. A spammer sends a message from sender@mydomain. Quarantined.com is not. it is possible to see some messages logged as inbound mail traffic. It also keeps potential spam messages out of the user’s inbox.com is configured as a valid domain on the DOMAINS page and badomain. 42 Barracuda Spam & Virus Firewall Administrator’s Guide . • To hide the Product Tips section of the page.Outbound Outbound mail traffic is summarized in this table on the BASIC > Status page much the same way as inbound traffic.• To hide a particular message permanently. For example. Rate Controlled. Blocked:Virus. While some organizations require quarantine behavior. then the email will be counted as an inbound message. Setting up Quarantine By default. except that a count of outbound message Blocked due to custom policy or spam are reported separately. If you have not configured any domains for receiving inbound mail on the DOMAINS page. if a message is received addressed to the default domain configured under BASIC > IP Configuration page. These messages can be filtered to a special mailbox if the user desires. If a spammer tries to relay a message through the Barracuda Spam & Virus Firewall by spoofing a valid domain as the sender to an invalid recipient.com to the IP address of the Barracuda Spam & Virus Firewall.com. and messages counted as Sent are the counterpart of inbound Allowed messages. or can be viewed or deleted from their regular inbox. the Barracuda Spam & Virus Firewall does not quarantine incoming or outgoing messages. If you have not configured the Barracuda Spam & Virus Firewall for outbound mail and only expect inbound mail. because it offloads storage of potential spam from the mail server and backups.Inbound This section of the BASIC > Status page summarizes how inbound mail traffic is handled by the Barracuda Spam & Virus Firewall based on how you have configured the system. Email Statistics . and total since installation (or since the last reset). it is still possible to see some messages logged as outbound traffic. outbound messages are not tagged. addressed to recipient@badomain. Statistics are tallied by hour. and you configure the Barracuda Spam & Virus Firewall only for processing outbound mail. Allowed:Tagged and Allowed. by current calendar day starting at midnight. the Barracuda Spam & Virus Firewall will block the message and it will appear in the outbound email statistics table as Blocked. As an example. but you may want to enable quarantine for inbound mail. at least. click the Hide link. Email Statistics . tagging inbound messages that might be spam is recommended over quarantining them for several reasons: • With tagging of inbound messages. Actions reported include Blocked.

as well as on various BLOCK/ACCEPT pages. you can select either Global quarantine or Per-User quarantine. either the user or the administrator is required to maintain the quarantine inbox and settings. refer to Chapter 9. it’s sent on to the user’s mailbox or to an administrator’s mailbox to manage. Note that. For more information on using outbound quarantine. For more information. Managing Inbound Quarantine. and outbound quarantined mail can be logged and managed at the per-domain level as well as at the global level. see Encryption of Outbound Mail. p. Quarantine of inbound mail can be enabled or disabled in the Spam Scoring Limits section on the BASIC > Spam Checking page as well as on various BLOCK/ACCEPT pages. Quarantine of outbound mail can be enabled or disabled in the Outbound Spam Scoring Limits section on the BASIC > Spam Checking page. 83. If enabled. page 62.• Tagging inbound messages on the Barracuda Spam & Virus Firewall saves system resources because the message is not stored on the appliance itself. Getting Started 43 . by enabling quarantine of incoming messages identified as possible spam.

44 Barracuda Spam & Virus Firewall Administrator’s Guide .

.................... 47 Advanced Email Security Policy.....................................................Chapter 4 Securing the Barracuda Spam & Virus Firewall This chapter covers best practices to secure your Barracuda Spam & Virus Firewall with respect to deployment on your network.......................... 46 Limiting User Access ............. user access and inbound and outbound email............. The following topics are covered: Securing Network Access.............................. 48 Securing the Barracuda Spam & Virus Firewall 45 ............................................

69 for details on configuration. Private (self-signed) or Trusted certificate . This feature requires using the Barracuda Control Center and validating your domain ownership with the cloud service. please see Chapter 7. SSL Certificates As described above.Securing Network Access To secure your Barracuda Spam & Virus Firewall on your network. page 38 section of the Getting Started chapter as well as in the online help of the ADVANCED > Secure Administration page Secure Links in Notification Emails If Per-User quarantine (as opposed to Global) is configured on the BASIC > Quarantine page. you might want to secure hyperlinks in quarantine correspondence emails that are sent from the Barracuda Spam & Virus Firewall to users and administrators. If no IP address is specified in this field. limiting user interface access to HTTPS provides further security and can also be configured on the ADVANCED > Secure Administration page along with the use of SSL certificates. and the identity of the remotely connected server can be verified with significant confidence. Use the Cloud Protection Layer Using the Cloud Protection Layer feature means that all email going into your organization will be pre-filtered for spam and viruses before it reaches your network. There are three types of SSL certificates to choose from: Default (Barracuda Networks). From that page you can also further limit access to the Web interface by IP address with the Administrator/IP Range setting. p. Barracuda Networks recommends using the non-standard port 8000 for internal access to the Web interface. 46 Barracuda Spam & Virus Firewall Administrator’s Guide . You can secure external access to the Barracuda Spam & Virus Firewall with the Web Interface HTTPS/SSL Port setting on the ADVANCED > Secure Administration page. then all systems are granted access with the correct administrator password. The recommended port is 443 because it is a standard HTTPS/SSL port that is used for secure Web browser communication. Setting Use HTTPS Links in Emails to Yes on the ADVANCED > Secure Administration page ensures that these emails sent from the Barracuda Spam & Virus Firewall contain only HTTPS links. which is configured on the BASIC > Administration page. To use this feature. Cloud-Based Protection. begin by locking down the user interface ports. Note If per-user quarantine is enabled as well as HTTPS.a certificate signed by a trusted certificate authority (CA). Configuring SSL certificates is described in this guide in the Enabling SSL for Administrators and Users. users will be redirected to HTTP access if they are trying to access their quarantine inbox.

you should also configure HTTPS/SSL Access Only at the global level on the ADVANCED > Secure Administration page to protect the transmission of network passwords.Limiting Access to the API The Barracuda set of APIs provides for remote administration and configuration of the Barracuda Spam & Virus Firewall. that you can set by clicking the Save Changes button in the Web interface. If enabling Single Sign On for a domain. and can only be configured by the administrator or a Domain Admin. See Managing Accounts and Domains. page 114. page 91 for more detail about role-based administration of the Barracuda Spam & Virus Firewall. or you can configure a separate LDAP server for single sign-on from the USERS > Single Sign-On page. More detailed information regarding the API can be found in the Barracuda Spam & Virus Firewall API Guide 4.To secure use of the API.x located at http://www. Single Sign-On is not a global setting.com/documentation. From the ADVANCED > Troubleshooting page. Common settings. If you select LDAP authentication. page 38 to configure SSL on Securing the Barracuda Spam & Virus Firewall 47 . capturing: • • User login activities and any configuration changes made on the device. users can log into their quarantine inbox via the Web interface using their domain passwords instead of a password managed separately by the Barracuda Spam & Virus Firewall. Warning the Barracuda Spam & Virus Firewall. if you are using LDAP authentication for single sign-on. Data related to mail flow. This data is the same information as that used to build the Message Log in the Barracuda Spam & Virus Firewall. use the Allowed SNMP and API IP/Range setting on the BASIC > Administration page. such as IP addresses and spam scoring levels. use the Monitor Web Syslog button view the Web syslog output. you can either use the same LDAP server and settings for user authentication as the one you’re using for recipient verification (configured on the USERS > LDAP Configuration page). You can also configure a syslog server as described in the Using a Syslog Server to Centrally Monitor System Logs. To limit access to the API. See Enabling SSL for Administrators and Users.barracuda. you must set Exchange Accelerator/LDAP Verification to Yes on the USERS > LDAP Configuration page. The IP addresses you enter in that field can also establish an SNMP connection to the system. Tracking Changes to the Configuration and User Login Activities The syslog function of the Barracuda Spam & Virus Firewall provides two kinds of logs. can be configured via the API. Limiting User Access Securing User Access With Single Sign On With Single Sign-On (SSO). Note that. you must also create an API password which can be entered on this page.

not as a global setting.User Account Authentication You can configure the Barracuda Spam & Virus Firewall to authenticate user accounts using an LDAP. Novell eDirectory and Domino Directory. these settings are domain-specific. LDAPS can optionally be required. SeeEncryption of Outbound Mail. select Local for Authentication Type. or RADIUS server. fill in the server settings on the page. SMTP/TLS (Transport Layer Security) encryption TLS can provide authentication (identification of the communication partner). POP. you can: • Enhance network security by limiting end-user access (port 8000 by default) and administration to only one Barracuda Spam & Virus Firewall on the Internet • Insulate the user interface performance from any peaks in email volume In this configuration. navigate to the USERS > Single Sign On page for the selected domain and select the Authentication Type. LDAP server types supported include Active Directory. and integrity (message has not been modified) 48 Barracuda Spam & Virus Firewall Administrator’s Guide . Advanced Email Security Policy The Barracuda Spam & Virus Firewall offers various levels of secure communications over SMTP for both incoming email and outbound email that is relayed through the Barracuda Spam & Virus Firewall from your network. sensitive and valuable information communicated via email. governmental agencies and other entities who need to protect private. These user account authentication mechanisms are configured from the DOMAINS tab by selecting the Domains page and clicking the Manage Domain link for a particular domain. As stated above. Limiting User Access to a Clustered System You can choose to dedicate a single Barracuda Spam & Virus Firewall in the cluster as the Quarantine Host to serve up the end-user interface through which users will access their quarantine inboxes. even though their actual quarantine inbox (primary or secondary) may be hosted by another Barracuda Spam & Virus Firewall in the cluster. You can configure LDAPS (SSL/TLS) for encryption of LDAP queries between the Barracuda Spam & Virus Firewall and your LDAP server. LDAP and User Account Authentication Configure LDAP settings on the USERS > LDAP Configuration page. This feature is available on the Barracuda Spam & Virus Firewall 400 and higher and is configured at the domain level. To require users to log in to the Barracuda Spam & Virus Firewall Web interface (as opposed to single sign on) to view and manage their account. By then not directing email to the Quarantine Host. For health care providers. quarantine notifications from all Barracuda Spam & Virus Firewalls in the cluster will direct users to the Quarantine Host. the Barracuda Spam & Virus Firewall provides the option of email encryption (or redirection to your existing encryption service or server) based on policy you set for outbound mail in the BLOCK/ACCEPT pages. Open LDAP. For RADIUS and POP. To configure authentication. Set the IP address of the Quarantine Host device in the cluster from the BASIC > Quarantine page. page 62 for details and usage. privacy/confidentiality (communication is not intercepted or eavesdropped).

Only the administrator or Domain Admin can configure these settings. To enable TLS encryption. Any bounce message coming into the Barracuda Spam & Virus Firewall from the Internet that does not include these components is blocked and recorded in the Message Log with the reason "Invalid Bounce". you need to first configure an SSL certificate from the ADVANCED > Secure Administration page following the steps in the online help screen. from the ADVANCED > Email Protocol page. Note that SMTP over TLS will be enabled for incoming connections and will be attempted for outgoing connections . Use the Trusted Relay IP/Range to do so. Next. page 35. from the DOMAINS tab.the receiving server needs to support it. it is recommended to configure either SASL/SMTP authentication or LDAP Outbound relayauthentication using your LDAP directory as well. signing and message authentication. The Barracuda Spam & Virus Firewall can communicate via SMTP over TLS/SSL over the Internet when both the sender and recipient are using a Barracuda Spam & Virus Firewall or another STARTTLS-capable mail server. All email sent out through the Barracuda Spam & Virus Firewall contains a return address tagged with an encrypted password (the Bounce Suppression Shared Secret) and expiration time. See the BASIC > Outbound page for sender authentication for outbound relayed email. Invalid Bounce Suppression Invalid Bounce Suppression can be used when all outgoing email is relayed through the Barracuda Spam & Virus Firewall and is designed to reduce the number of bounce messages to forged return addresses. and on the ADVANCED > Email Protocol page. Requiring encrypted TLS connections can be configured at the domain level (not as a global setting) for either incoming or outgoing messages (as long as the receiving server supports TLS). and choosing the Default/Barracuda Networks certificate serves the purpose in most cases. you can configure the IP address and/or domain name of one or more outbound servers that can relay outbound email through the Barracuda Spam & Virus Firewall to the Internet. Securing the Outbound Relay of Email The Barracuda Spam & Virus Firewall may be configured to relay outbound email simultaneously with scanning inbound mail as described in Configure Scanning of Outgoing Mail. This configures SMTP over TLS/SSL at the global level. the Bounce Suppression Shared Secret will be synchronized across all nodes in the cluster.over an SMTP connection. For more details see the online help on the BLOCK/ACCEPT > Sender Authentication page. set Enable SMTP over TLS/SSL to Yes. Note that if you have a cluster of Barracuda Spam & Virus Firewalls. or others on the same network with the same shared secret. Click Manage Domain for the particular domain. Enabling this feature will block any bounce message that did not originate as an outbound message from this Barracuda Spam & Virus Firewall. On the BASIC > Outbound page. in the SMTP over TLS/SSL section. There are three certificate options. Securing the Barracuda Spam & Virus Firewall 49 . TLS uses different algorithms for encryption. enter the domain names for which email will be required to be transmitted over a TLS connection. If you do decide to specify a domain name with the Trusted Relay Host/Domain field. The most secure practice is to specify an IP address rather than a domain name for your trusted mail or relay server(s) to prevent domain name spoofing.

50 Barracuda Spam & Virus Firewall Administrator’s Guide .

...................................................................... 55 Advanced Inbound Spam Filtering Policy 51 .............................................Inbound . 53 Content Analysis .............................Chapter 5 Advanced Inbound Spam Filtering Policy The goal in configuring a Barracuda Spam & Virus Firewall is to identify spam without blocking valid messages........................................ Rate Control................... This chapter addresses using custom spam filtering policy on inbound mail as well as optional........ more sophisticated spam identification methods...................... 52 IP Analysis ..........

52 Barracuda Spam & Virus Firewall Administrator’s Guide . Once 5 or more IP addresses have made connections to the Barracuda Spam & Virus Firewall. a front-end Mail Transfer Agent (MTA) or a trusted forwarder) before the Barracuda Spam & Virus Firewall. it indicates that mail is also coming in from other outside sources and rate control should be applied. Rate Control is configured on the BLOCK/ACCEPT > Rate Control page. Exemptions from Rate Control You can exempt trusted IP addresses from Rate Control by adding a trusted IP address to the Rate Control Exemption/IP range list. In this case. any IP address that you enter as a trusted forwarder on the BASIC > IP Configuration page will be exempted from Rate Control. for each message deferred. As part of the Connection Management Layer. the Rate Control mechanism counts the number of connections to the Barracuda Spam & Virus Firewall in a half hour period and compares that number to the Rate Control threshold. which is the maximum number of connections allowed from any one IP address in this half-hour time frame. Also. Well-behaving mail servers act upon the defer message and will try sending the message again later.Rate Control The Barracuda Spam & Virus Firewall Rate Control feature protects the system from spammers or spam-programs (also known as "spam-bots") that send large amounts of email to the server in a small amount of time. the sender will receive a 4xx level error message instructing the mail server to retry after a predefined time interval. If the number of connections from a single IP address exceeds the Rate Control threshold within the half hour period. the Barracuda Spam & Virus Firewall will defer any further connection attempts from that particular IP address until the next half hour time frame and log each attempt as deferred in the Message Log with a Reason of ‘Rate Control’.. When Rate Control Takes Effect When Rate Control is first enabled on the Barracuda Spam & Virus Firewall. or after a change is made to the Rate Control threshold. while email from large volume spammers will not retry sending the email again.e. Note Organizations that relay email through known servers or communicate frequently with known partners can and should add the IP addresses of those trusted relays and good mail servers to the Rate Control Exemption/IP Range list. five (5) unique IP addresses must connect before Rate Control is invoked. keep in mind the following • • • • • A rate of 50 is conservative Some customers can lower this safely Caution – False positives can be hard to diagnose Common setting is for 20-30 emails/ half hour High volume recipients may need to either set the Rate Control threshold above 50 and/or list IP addresses from which they expect to receive a high volume of email in the Rate Control Exemption/IP Range list. When configuring Rate Control. This is to take into account that you may have another appliance receiving email (i.

or “not spam”. thereby both reducing processing load and eliminating the chances of false positives. the reputation and intent of that sender should be determined before accepting the message as valid. By adding IP addresses to this list. or IP addresses with a “poor” reputation. Updates to Barracuda Reputation are made continuously by the engineers at Barracuda Central and are delivered to all Barracuda Spam & Virus Firewalls via Energize Updates. Trusted Forwarders On the BASIC > IP Configuration page you can specify the IP addresses of any machines that are set up specifically to forward mail to the Barracuda Spam & Virus Firewall from outside sources. Rate Control and IP Reputation checks. Warning Barracuda Networks does NOT recommend whitelisting domains because spammers will spoof domain names. it is recommended to whitelist (Allow) by IP address only. Likewise you can define a list of bad email senders. applying tag. IP Reputation The Barracuda Spam & Virus Firewall enables administrators to define a list of trusted mail servers by IP address. good senders as well as known spammers. In some cases. When possible. The sending histories associated with the IP addresses of all sending mail servers are analyzed to determine the likelihood of legitimate messages arriving from those addresses. In the IP Analysis layer. These are called Trusted Forwarders and will bypass SPF. the Barracuda Spam & Virus Firewall then performs analysis on the IP address. Various methods for discerning “good” senders of email versus spammers are described in this section to help you to quickly configure your Barracuda Spam & Virus Firewall per the needs of your organization. administrators can avoid spam scanning of good email. you may choose to utilize the IP blocklists (as described in IP Analysis on page 19) to restrict specific mail servers as a matter of policy rather than as a matter of spam. Note that virus scanning and blocked attachment checks are still enforced. The best way to address both issues is to know the IP addresses of trusted senders and forwarders of email and define those on the Barracuda Spam & Virus Firewall as “Allowed” by adding them to a whitelist of known good senders. Once the true sender of an email message is identified. This data is collected from spam traps and other systems throughout the Internet. Advanced Inbound Spam Filtering Policy 53 . quarantine or block policies that you configure in the BLOCK/ACCEPT pages. the Barracuda Spam & Virus Firewall examines the Received headers and evaluates the first non-trusted IP address when applying the above filters and other block and accept policies. Barracuda Reputation (BRBL) Barracuda Reputation is a database maintained by Barracuda Central and includes a list of IP addresses of known.IP Analysis After applying rate controls.

• In the Allowed Email Addresses and Domains section of the BLOCK/ACCEPT > Sender Filters page. However. Several organizations maintain external blocklists. the Barracuda Spam & Virus Firewall uses these lists to verify the authenticity of the messages you receive. If a user needs to supercede an global IP address block.Precedence The users’sender whitelists (if the whitelist/blocklist setting is enabled for user accounts) can be overridden by global settings. but for which you want mail scanned for spam anyway. Sender Whitelisting . In conjunction with Barracuda Reputation. Be aware that blocklists can generate false-positives (legitimate messages that are blocked). sometimes called DNSBLs or RBLs. that query is cached on your own local DNS for a period of time. because the Barracuda Spam & Virus Firewall sends notifications when it rejects such messages. including from the Barracuda Reputation Blocklist. if the administrator turns on Spoof Protection. External blocklists. you can exempt particular IP addresses from RBL checks. it is strongly recommended that the Barracuda Reputation Blocklist (BRBL) option be set to "Block". Once the Barracuda Spam & Virus Firewall queries a blocklist service. making further queries very fast. Messages from these IP addresses will be subject to all other spam and virus checks. while still being scanned for viruses. such as spamhaus. You can also enter IP addresses/ranges to this list which are on the Barracuda Reputation Whitelist. Reverse DNS Blocking The Barracuda Spam & Virus Firewall can do a reverse DNS lookup on inbound and outbound IP connections and finds the hostname associated with the IP address of the sender. Subscribing to blocklist services does not hinder the performance of the Barracuda Spam & Virus Firewall. Here. By configuring rules on the BLOCK/ACCEPT > Reverse DNS page. Exempting IP Addresses from the BRBL and Other Blocklists The BRBL and other blocklists that you specify on the BLOCK/ACCEPT > IP Reputation page can be overridden by listing the IP addresses of trusted forwarders of email or listing email addresses: • In the Allowed IP/Range section of the BLOCK/ACCEPT > IP Filters page • In the Barracuda Reputation. Query response time is typically in milliseconds. which is a global setting. that user should communicate to the administrator and request that the email or IP address be added to a global whitelist on the Barracuda Spam & Virus Firewall. it will supersede any user’s whitelist entry. saving resources.On the BLOCK/ACCEPT > IP Reputation page. the sender will be notified and legitimate senders will therefore know to try re-sending their message or otherwise notify the recipient that their messages are being blocked. you can choose to apply Common Reverse DNS 54 Barracuda Spam & Virus Firewall Administrator’s Guide . For example. Subscribing to External blocklist Services The BLOCK/ACCEPT > IP Reputation page allows you to use various blocklist services. so delays are negligible. are lists of IP addresses from which potential spam originates. Turning the Barracuda Reputation Whitelist option to On will enable messages from known good IP addresses to bypass all spam filtering. External RBL IP Exemption Range on the BLOCK/ACCEPT > IP Reputation page.org.

quarantine or block messages from those domains.Rules by country. Email which is not blocked is subject to all of the usual spam and virus checks. The BLOCK/ACCEPT > Attachment Filters page provides a table of patterns you can use for specifying the above actions based on attachment filenames. quarantined. Content Analysis . Custom Reverse DNS Rules that you define. Use the Password Protected Archive Filtering feature to take action with messages with attachments that contain password protected (encrypted) archives. encrypt or redirect. Outbound mail can be blocked.ru for Russia. HTML comments and tags imbedded between characters in the HTML source of a message are also filtered. You can elect to have a notification sent to the sender when an inbound or outbound message is blocked due to attachment content filtering. you can use the Common Reverse DNS Rules to tag (inbound only). The last part of a hostname is known as the top level domain. go through attachment filtering.ca for Canada.) and take one of the above actions with inbound or outbound messages based on filenames or types. as these forms of rules are delivered to the Barracuda Spam & Virus Firewall automatically through Barracuda Energize Updates. etc. Actions you can take with inbound messages include block or quarantine. encrypted or redirected/ Attachment Filtering All messages. privacy information such as driver’s license numbers. . file types. tar. Actions you can take with outbound messages include block. See the ADVANCED > Bounce/NDR Settings page to configure notifications. List the sending domains or subdomains you want to whitelist on the BLOCK/ACCEPT > Sender Filters page. If most or all of the mail that you receive from a particular country is spam. Advanced Inbound Spam Filtering Policy 55 . In general. You can specify actions to take with messages based on pre-made patterns in the subject line or message body. MIME types. quarantine. message body and attachment file content. or you can create your own filters. From the BLOCK/ACCEPT > Attachment Filters page you can choose to take certain actions with inbound and/or outbound messages if they contain attachments with certain filename patterns. Use the Custom Reverse DNS Rules to tag.Inbound Custom Content Filters The Barracuda Spam & Virus Firewall enables administrators to set custom content filters based on the subject line. Credit card. tagging or quarantining inbound messages. Most TLDs include a country identifier. message headers. or both to tag (inbound only). etc. except those from whitelisted senders. block or quarantine any message that has an associated hostname that includes that country's TLD. or TLD. administrators do not need to set their own filters for the purposes of blocking spam. or password protected archives. quarantine or block messages from hostnames ending with values that you specify. Social Security numbers. The Check Archives feature can be selected along with any filter to search the contents of attached archives (zip. phone numbers or expiration dates and HIPAA data can be automatically checked and acted upon by blocking. The online help for the BLOCK/ACCEPT > Content Filtering page includes a link to a Regular Expressions help page that covers expressions you can use for advanced filtering. such as .

Barracuda Real-Time Protection must be enabled on the BASIC > Virus Checking page. • Real-time intent analysis .For new domain names that may come into use. Fingerprint analysis is often as a useful mechanism to block future instances of spam once an early outbreak is identified. If a message exceeds this size.tgz) where word_2010_xml. Contact Barracuda Networks Technical Support to change this maximum. In order to detect real-time spam fingerprints. Real-Time Intent Analysis involves performing DNS lookups against known URL blocklists. an image) across many instances of spam. Intent Analysis All spam messages have an “intent” – to get a user to reply to an email. Intent Analysis is the defense layer that catches phishing attacks.Messages that are blocked due to attachment filtering will appear in the Message Log with the word Attachment and the filename in the Reason column. Engineers at Barracuda Central work around the clock to identify new spam fingerprints which are then updated on all Barracuda Spam & Virus Firewalls through hourly Barracuda Energize Updates. Fingerprint Analysis is configured on the BASIC > Spam Checking page. For example. the entry in the Message Log for such a blocked message would contain something like this in the Reason column: Attachment (word_2010_xml. 56 Barracuda Spam & Virus Firewall Administrator’s Guide . Here you can also choose to specifically allow messages based on valid Chinese or Japanese language content and enable compliance with PRC (People’s Republic of China) requirements if your Barracuda Spam & Virus Firewall resides in the PRC. Frequently. Web links and phone numbers embedded in email messages to determine whether they are associated with legitimate entities. The Barracuda Spam & Virus Firewall features multiple forms of Intent Analysis: • Intent analysis . such as URLs. several of which are provided for Intent filtering.. Blocking Email by Country Set tag. visit a Web site or call a phone number.tgz is the attachment filename that caused the message to be blocked. Spam fingerprints blocked based on a real-time check will display an '*' before "Fingerprint" in the Message Log. Note The default maximum attachment size allowed by your Barracuda Spam & Virus Firewall is 100 megabytes. Fingerprint Analysis A message “fingerprint” is based on commonly used message components (e.Markers of intent. Intent analysis involves researching email addresses. the Barracuda Spam & Virus Firewall rejects the message and the sending server notifies the sender that their message did not go through. are extracted and compared against a database maintained by Barracuda Central.g. Intent can also be associated with general content categories. if you created a filter on the BLOCK/ACCEPT > Attachment Filters page to block messages with attachments whose filenames match a pattern of word*. and then delivered to the Barracuda Spam & Virus Firewall via hourly Barracuda Energize Updates. quarantine and block policies for specific character sets or regional spam settings using the BLOCK/ACCEPT > Regional Settings page.

• Image processing . the Barracuda Spam & Virus Firewall also uses Image Analysis techniques which protect against new image variants. To determine the likelihood that a new email is spam. shading or color manipulation. Image Analysis Image spam represents about one third of all traffic on the Internet. A global Bayesian database is typically more effective than per-user databases because the administrator can maintain and reset it for all to use. which is configured on the BASIC > Spam Checking page. users must train and manage their own Bayesian databases. Image Analysis is configured on the BASIC > Spam Checking page. These techniques include: • Optical character recognition (OCR) . however.Use of free Web sites to redirect to known spammer Web sites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. Intent Analysis is configured on the BASIC > Spam Checking page. Multilevel Intent Analysis involves inspecting the results of Web queries to URLs of well-known free Web sites for redirections to known spammer sites. Global Bayesian Filtering Versus Per-User The administrator can configure a global Bayesian database. thereby providing a more reliable source of Bayesian management. per-user Bayesian databases or disable Bayesian altogether. the Barracuda Spam & Virus Firewall is filtering mail for many Advanced Inbound Spam Filtering Policy 57 . There are pros and cons to each configuration. Bayesian Analysis How Bayesian Analysis Works Bayesian Analysis is a linguistic algorithm that profiles language used in both spam messages and legitimate email for any particular user or organization. With the global setting. If. Note that Bayesian training works only on messages with 11 words or more. • Animated GIF analysis . More heavyweight image processing algorithms are utilized at Barracuda Central to quickly generate fingerprints that can be used by Barracuda Spam & Virus Firewalls to block messages.To mitigate attempts by spammers to foil OCR through speckling. The Barracuda Spam & Virus Firewall only uses Bayesian Analysis after administrators or users classify at least 200 legitimate messages and 200 spam messages.The Barracuda Spam & Virus Firewall contains specialized algorithms for analyzing animated GIFs for suspect content. which they access from their PREFERENCES > Spam Checking page. With the per-user configuration. the administrator trains and maintains one Bayesian database for all users. While Fingerprint Analysis captures a significant percentage of images after they have been seen. Bayesian Analysis compares the words and phrases used in the new email against the corpus of previously identified email.• Multilevel intent analysis . OCR enables the Barracuda Spam & Virus Firewall to analyze the text rendered inside the images. the Barracuda Spam & Virus Firewall also utilizes a number of lightweight image processing technologies to normalize the images prior to the OCR phase.Embedding text in images is a popular spamming practice to avoid text processing in anti-spam engines.

users are sophisticated and can be trained to properly identify ‘valid’ messages versus spam so as to train the Bayesian database. In most cases. from the BASIC > Message Log page. That said. To keep a Bayesian database accurate: • For a global Bayesian database. Bayesian data can quickly become “stale” if the database is not reset from time to time and new messages consistently classified as spam or not spam in equal numbers. Without this maintenance the users may see false positives resulting in the blocking of good email. spam accuracy should not be an issue for most organizations. With Energize Updates constantly updating the Barracuda Spam Firewall with protection against the latest spam and virus threats. When this happens new classifications are needed to update the Bayesian database.domains. either in their quarantine inbox (QUARANTINE > Quarantine Inbox page) or from their regular email client if they have installed either the MS Outlook add-in or Lotus add-in (see below). while another domain for a political organization tends to receive political emails and yet another domain is an entertainment site. it could be either difficult or impossible to train the global Bayesian database to identify spam for all users. and the users in the organization tend to be a homogenous population with regard to the kind of content considered to be ‘valid’ email versus spam. spam messages change drastically and the Bayesian system – while initially able to compensate for the new format – gradually declines in its effectiveness. In this case. and 58 Barracuda Spam & Virus Firewall Administrator’s Guide . however. Getting the Best Accuracy From the Bayesian Database All Bayesian systems rely on the fact that messages classified are not much different than new messages arriving. For example. A case for using Bayesian Analysis would depend on the following: • You are using global Bayesian as opposed to per-user. if one domain for a medical organization typically receives email regarding medical topics. the user should reset their own Bayesian database and follow up with marking 200 or more messages as spam or not spam. while sophisticated users may be trained and savvy enough to initially train their own Bayesian database. per-user Bayesian filtering would make more sense than global. • Your organization requires a very high granularity of accuracy for identifying spam. When to Use Bayesian Analysis Barracuda Networks does not recommend using Bayesian filtering in most circumstances. it is not practical to enable Bayesian at the user level because maintaining an accurate Bayesian database requires that users to understand the concept of how Bayesian analysis works and how to use it as an effective tool. This situation would make it easier for an administrator to “train” the global Bayesian database as to what is spam and what is not spam for the organization. then. Bayesian filtering will NOT take effect until 200 or more of each spam and not-spam messages are marked as such. the users of which expect to receive different types of email. Note Because spammers frequently change tactics and content. • If enabling Bayesian at the per-user level. they may not have the time to spend in their regular work schedule to effectively maintain their Bayesian databases. marking at least 200 messages as either Spam or Not spam using the buttons on the page. Over time however. then what is spam to one domain may be valid email for another on the same Barracuda Spam & Virus Firewall. • For each per-user database. the administrator should periodically (every 6 months or so) clear it out by resetting it from the BASIC > Spam Checking page.

and if these headers are removed. • Note If the SMTP option Remove Barracuda Headers is turned off in the ADVANCED > Email Protocol page. This Windows zip file includes the installer (MSI) and Administrative Template (ADM) for the add-in. Advanced Inbound Spam Filtering Policy 59 . The Outlook Add-In also provides the user with a button to encrypt the message contents before sending it. such as excerpts of text from books or other content that may look “legitimate” in order to fool spam filtering algorithms. Outlook 2003. where you can: • • Enable users to download the Microsoft Outlook Add-In. See the USERS > User Features page. This tactic is called Bayesian Poisoning and could reduce the effectiveness of a Bayesian database if many of these messages are marked as either spam or not spam. The Outlook Add-in is compatible with Microsoft Outlook XP. • The administrator and/or users are disciplined about resetting the Bayesian database(s) on a regular basis and re-initializing with 200 each of marked spam and not spam messages to ‘keep current’ with new spam techniques over time. the administrator can choose to allow users to download a plugin that allows messages to be classified as Spam or Not Spam directly from their email client. Download and install the Lotus Notes Plugin and view an overview document of how it works. Outlook and Lotus Notes Plugins If both per-user quarantine and per-user Bayesian are enabled. and can be used with a Windows GPO to push the add-in to your users’ PCs. This is not a recommended setting. very sophisticated and protects against Bayesian Poisoning if administrators or users consistently maintain their databases. Outlook 2007. any Barracuda Outlook add-in or other add-in will not work correctly. see Creating and Managing Accounts on page 91. Bayesian Poisoning Some spammers will insert content in messages intended to bypass spam rules. For information about automatically or manually creating quarantine accounts for users. any custom X-headers that the Barracuda Spam & Virus Firewall has applied before the message leaves the appliance will be removed.are willing to consistently mark BOTH ‘valid’ messages and spam messages in equal numbers so as to maintain the Bayesian database. The Barracuda Networks Bayesian engine is. and Outlook 2010 32-bit and 64-bit. See Encryption of Outbound Mail on page 62 for more information about email encryption. which they can do from the login page if this feature is enabled Download the Outlook Add-In Deployment Kit. Users must have a quarantine account on the Barracuda Spam & Virus Firewall to use the plugins. however. Any messages encrypted using the Outlook Add-In will appear in the Barracuda Spam & Virus Firewall with a Reason of Outlook Add-In. on the Barracuda Spam & Virus Firewall 300 and higher.

60 Barracuda Spam & Virus Firewall Administrator’s Guide .

.............. 65 Content Analysis ................... Encryption of Outbound Mail . 65 IP....... After configuring outbound mail for the Barracuda Spam & Virus Firewall (see Configure Scanning of Outgoing Mail..... 62 Spam Filtering and Quarantine of Outbound Mail ............Outbound Mail ..........Chapter 6 Outbound Filtering Policy By scanning all outbound messages............................................................... health care and other federally-regulated agency information policies...... prevent data leakage and ensure compliance with financial............... 64 Rate Control for Outbound Mail . 67 Outbound Filtering Policy 61 ... This section defines outbound filtering policies that are different from the inbound policies you'd typically apply.......... Domain and Email Address Filtering of Outbound Mail...................... including optional encryption for secure transmission based on custom policy.... page 35)....... choose outbound filtering techniques to best protect the IP reputation of your organization........ you can ensure that all email leaving your organization is legitimate and virus free............

For details about sending and retrieving encrypted messages as applies to this add-in. BASIC > Outbound Quarantine. For Mail Journaling and the download features in the Message Viewer. but actual encryption policy (by sender domain. governmental agencies and other entities who need to protect private. Encryption is configured at the perdomain level. recipient. You can then select the Redirect action for outbound filtering policies in the BLOCK/ACCEPT pages. Several validation methods are available from this page. Email encryption can be performed by the Barracuda Spam & Virus Firewall on outbound mail as described in this chapter. Configuring and Using Encryption Requirements for Using Encryption Before applying encryption policy. Redirection of outbound mail per policy is only available at the global (not per-domain) level. Secured Message Contents When the Barracuda Spam & Virus Firewall encrypts the contents of a message.) is only configurable at the global level using the BLOCK/ACCEPT pages. the message body will not be sent to the Mail Journaling account and cannot be downloaded to the Desktop. Setting Encryption Policy for Outbound Mail From the BLOCK/ACCEPT pages you can create global custom encryption policy for secure transmission of outbound mail based on: 62 Barracuda Spam & Virus Firewall Administrator’s Guide . email address. OR you can download the Outlook Add-In for your Microsoft Exchange Server to enable users to choose encryption from the New Message window in their MS Outlook client.Encryption of Outbound Mail For health care providers. Actual encryption of outbound mail is performed by the Barracuda Email Encryption Service. or the ADVANCED > Queue Management pages. sensitive and valuable information communicated via email. so system performance is never affected. the Barracuda Spam & Virus Firewall provides the option of email encryption based on policy you set for outbound mail in the BLOCK/ACCEPT pages. You must validate sending domains from the DOMAINS > Manage Domain > ADVANCED > Encryption page for each domain that is allowed to send encrypted messages. See Outlook and Lotus Notes Plugins on page 59 or the USERS > User Features page in the Barracuda Spam & Virus Firewall Web interface for information on deploying the Outlook Add-In. make sure of the following: • • Your Energize Updates subscription is current. See the Subscription Status section on the BASIC > Status page of the Barracuda Spam & Virus Firewall. If you already have an email encryption server or service. the message body will not be displayed on the BASIC > Message Log. These global encryption policies will apply to all domains from which encrypted email messages are sent. see steps 4-6 of Sending and Receiving Encrypted Messages on page 63in this chapter. etc. you can specify a hostname (FQDN) or IP address and port in the Redirection Mail Server TCP/IP Configuration section of the BASIC > IP Configuration page to which the Barracuda Spam & Virus Firewall should redirect outbound mail for encryption.

deleted or forwarded. The administrator can then deliver the message if desired. the administrator can deliver. but the message body does not. as it is encrypted for security purposes. The first time the recipient clicks this link.) These policies will apply for ALL domains from which you send encrypted email. Outbound messages that meet this filtering criteria are sent over a TLS channel to the Barracuda Message Center for encryption. You can optionally create custom text or html notification message content and subject from the same page. • If an encrypted message is blocked due to policy. From the BASIC > Outbound Quarantine page.• • • • Sender email address and/or domain Recipient email address and/or domain Attachment Filename pattern and/or type as well as attachment content Content and content type (such as. the Barracuda Message Center will prompt for creation of a password. 4. The administrator creates a filter from one or more of the BLOCK/ACCEPT pages to encrypt certain types of outbound messages. Branding You can brand encryption notification emails (see Sending and Receiving Encrypted Messages below) as well as encrypted messages with an image and a domain name to be displayed with the image. Blocking and Queuing • If an encrypted message is quarantined. The email client looks and behaves much like any Web-based email program. The Barracuda Message Center sends a notification to the recipient of the email message that includes a link the recipient can click to view and retrieve the message from the Barracuda Message Center. the administrator will not see the message contents. branding is configured at the per-domain level on the ADVANCED > Encryption page where you can upload an image from your local drive or network. Notifications can be branded as described above. the message can be delivered. Outbound Filtering Policy 63 . rejected. for example. Sending and Receiving Encrypted Messages The Barracuda Message Center provides a Web-based email client for receiving and managing encrypted email sent by the Barracuda Spam & Virus Firewall. but can view the message header information and the reason the message was encrypted as well as the reason it was quarantined on the BASIC > Message Log page. but can view the message header information and the reason the message was encrypted as well as the reason it was blocked on the BASIC > Message Log page. Encryption and Quarantine. The outbound message information appears in the Barracuda Spam & Virus Firewall Message Log. re-queue or delete the message. • For encrypted messages in the queue. The workflow for email encryption is as follows: 1. Thereafter the recipient can re-use that password to pick up subsequent encrypted messages. From the ADVANCED > Queue Management page. secured credit card info. Once you have validated a domain through the Barracuda Spam & Virus Firewall. 2. the administrator will not see the message contents but can view the message header information and why the message was encrypted. 5. the administrator will not see the message contents. 3.

The administrator can decide how to deal with outbound messages suspected be spam based on the Outbound Spam Scoring Limits as configured on the BASIC > Spam Checking page. rejected. messages in outbound quarantine can be viewed and managed by domain under DOMAINS > Manage Domain > BASIC > Outbound Quarantine. Configure outbound quarantine settings discussed here from the BASIC > Quarantine page. the response will also be encrypted and the sender will receive a notification that includes a link to view and retrieve the message from the Barracuda Message Center. Spam scoring limits (from 0 to 9. The recipient logs into the Barracuda Message Center and is presented with a list of email messages. When the recipient replies to the encrypted email message.9) can determine whether to send. • Managing Outbound Quarantine For outbound mail. If a message is blocked due to its spam score. Blocking the message means it will not be delivered. Additionally. if at all. Regardless of these settings. with a few differences. As with inbound quarantine notifications. Spam Scoring The last filtering event applied to an outbound email message is assignment of a score based on the probability that it is spam. a non-delivery receipt (NDR/bounce message) is also sent to the sender by the Barracuda Spam & Virus Firewall. indicating when “old” quarantined outbound messages should be removed from the Barracuda Spam & Virus Firewall. outbound messages can be encrypted based on filtering criteria you configure on the BLOCK/ACCEPT pages. deleted or delivered by the administrator. there is no per-user quarantine mechanism on the Barracuda Spam & Virus Firewall as there is with inbound mail. At the domain level. quarantine or block outbound messages: • Quarantining the message means that the message is suspected to be spam or in violation of policy. and messages that violate outbound policies you have configured will be placed in outbound quarantine for the system. Immediate notifications can be sent to the administrator via the specified Notification Address whenever an outbound message is placed into quarantine. and will be stored on the Barracuda Spam & Virus Firewall for the administrator to review. The message can then be whitelisted. All encrypted messages received will appear in this list for a finite retention period or until deleted by the recipient. much like any Web-based email program. and if the Send Bounce option for Outbound is set to Yes in the Spam Bounce (NDR) Configuration section of the ADVANCED > Bounce/NDR Settings page. which are described here. a quarantine summary can be sent on a daily or weekly basis. quarantined outbound messages are always retained for at least 3 days. 64 Barracuda Spam & Virus Firewall Administrator’s Guide . A Size Retention Policy can be specified for outbound mail.6. Messages that meet or exceed the scoring level you set on the BASIC > Spam Checking page for the quarantine of outbound messages. These messages will be logged and can be viewed on the BASIC > Outbound Quarantine page. Use this option together with the Size Limit (KB) to limit the amount of disk space allotted on the Barracuda Spam & Virus Firewall for storing quarantined outbound mail. Spam Filtering and Quarantine of Outbound Mail Outbound mail shares some of the same block / accept mechanisms available for inbound mail.

Outbound Filtering Policy 65 . the intent of that sender should be determined before accepting the message as valid.Quarantine of outbound messages can also be disabled completely (which is recommended). Rate Control for outbound email. it is recommended to whitelist (Allow) by IP address only. encrypt or redirect policies that you configure in the BLOCK/ACCEPT pages. the Barracuda Spam & Virus Firewall will defer any further connection attempts from that particular sender until the next time frame. The best practice is to know the IP addresses of trusted senders and forwarders of email and define those on the Barracuda Spam & Virus Firewall as “Allowed” by adding them to a whitelist of known good senders. block. So. Deferred outbound messages will be logged as Rate Controlled in the Message Log. however. no outbound messages are stored on the Barracuda Spam & Virus Firewall. can also be applied based on sender email address. Note BLOCK/ACCEPT policies created at the per-domain level do NOT apply to outbound messages. then configuring policies on the BLOCK/ACCEPT pages ONLY applies to inbound messages for that domain. page 52. Domain and Email Address Filtering of Outbound Mail IP Address Filtering After applying rate controls. Warning Barracuda Networks does NOT recommend whitelisting domains because spammers will spoof domain names. or “not spam”. If it is disabled. for example. IP. When possible. Sender Based Rate Control. Various methods for discerning “good” senders of email versus spammers are described in this section to help you to quickly configure your Barracuda Spam & Virus Firewall per the needs of your organization. is configured on the BLOCK/ACCEPT > Rate Control page. including specifying email addresses you wish to exempt. Once the true sender of an outbound email message is identified. then clicking Manage Domain for a particular domain. applying quarantine. If the number of recipients from a sender email address exceeds the specified Maximum recipients per Sender over a 30 minute time period. the Barracuda Spam & Virus Firewall performs analysis on the IP address. navigating to the DOMAINS page. Rate Control for Outbound Mail Outbound mail is rate controlled based on IP address by the Barracuda Spam & Virus Firewall as described in Rate Control.

Instead. . etc. not to mention spreading the malware. or TLD. thereby possibly landing your domain(s) or IP address(es) on a blocklist. but do go through virus checks. blocked. you can use the Common Reverse DNS Rules to tag (inbound only). You can also specify one of the actions listed above to take with outbound messages if attached archive files (zip. etc. block or quarantine any message that has an associated hostname that includes that country's TLD. Note Adding your own domain to the sender whitelist is not allowed because spoofing the domain of the recipient is a frequently used spamming technique.ru for Russia. in addition to Block and Quarantine. The online help for the BLOCK/ACCEPT > Attachment Filters page includes a link to a Regular Expressions help page that covers text patterns you can use for advanced filtering. Note that. Email which is not blocked is subject to all of the usual spam and virus checks.) require a password to unpack. it can send out spam emails. common text attachment file types and attachment MIME types can be applied to outbound mail just as it can be to inbound mail. encrypted or redirected from the BLOCK/ACCEPT > Recipient Filters page.ca for Canada. Note that both inbound and outbound email messages from whitelisted (“allowed”) domains/subdomains bypass spam scoring as well as all other blocklists. filter actions for outbound mail include Encrypt and Redirect. Use the Custom Reverse DNS Rules to quarantine or block outbound messages from hostnames ending with values that you specify. Most TLDs include a country identifier. such as . The last part of a hostname is known as the top level domain. By configuring rules on the BLOCK/ACCEPT > Reverse DNS page. see Encryption of Outbound Mail on page 62. you can choose to apply “common” reverse DNS rules by country or create “custom” rules to quarantine or block outbound messages from those domains. Use the BLOCK/ACCEPT > Sender Filters page to control which domains and email addresses can send email out through the Barracuda Spam & Virus Firewall. 66 Barracuda Spam & Virus Firewall Administrator’s Guide . Email addressed from specified email addresses and domains/subdomains can also be encrypted or redirected from the BLOCK/ACCEPT > Sender Filters page. Attachment Filename and Type Filtering Attachment filtering based on filename patterns you specify. Reverse DNS Blocking The Barracuda Spam & Virus Firewall does a reverse DNS lookup on inbound and outbound IP connections and finds the hostname associated with the IP address of the sender. add the IP address of your mail server(s) to the Allowed IP/Range list using the BLOCK/ACCEPT > IP Filters page. See the BLOCK/ACCEPT > Attachment Filters page for details on settings. Outbound email addressed to specified email addresses (recipients) or domains/subdomains can also be allowed.Sender and Recipient Filtering If any of the computers in your organization get infected with a botnet or other malware. If most or all of the mail that you receive from a particular country is spam. For more information about email encryption and redirection.tar. List the sending domains or subdomains you want to whitelist on the BLOCK/ACCEPT > Sender Filters page.

and block or quarantine actions can be specified accordingly on the BASIC > Spam Checking page. social security numbers (USA only).S. Information types such as credit card patterns. html. Attachment Content Filtering is limited to text type files such as MS Office files. and these filters are more commonly used in the U. Barracuda Real-Time Protection must be enabled on the BASIC > Virus Checking page. including those from whitelisted senders. message body or attachment. Note that HTML comments and tags imbedded between characters in the HTML source of a message are filtered out so content filtering applies to the actual words as they appear when viewed in a Web browser. Note that the format of this data varies depending on the country.Outbound All outbound messages. in addition to Block and Quarantine. message headers..Outbound Outbound messages can undergo Fingerprint Analysis if you enable this feature for both inbound and outbound mail on the BASIC > Spam Checking page. go through attachment filtering. and combinations of privacy information such as birthday and driver’s license.Outbound Custom content filtering based on the subject line. filter actions for outbound mail include Encrypt and Redirect. as well as a diagnosis/prognosis as defined under HIPAA. can be filtered using Barracuda’s predefined regular expressions under the BLOCK/ACCEPT > Content Filters page. See the filtering pages on the BLOCK/ACCEPT tab for details on settings. this feature is applicable for outbound mail. they do not apply to other locales. Intent Analysis . Note that.Outbound As for inbound mail. Fingerprint Analysis . You can also take actions with outbound messages that contain matches to pre-made patterns in the subject line. In order to detect real-time spam fingerprints. See Attachment Filtering on page 55 for details on using these features. encrypt or redirect outbound messages that contain attachments which include text matching the patterns you enter here. Engineers at Barracuda Central work around the clock to identify new spam fingerprints which are then updated on all Barracuda Spam & Virus Firewalls through hourly Barracuda Energize Updates. message body and attachment file type can be applied to outbound mail just as it can be to inbound mail. Outbound Filtering Policy 67 . pdf files and other document files. A notification will be sent to the sender when an outbound message is blocked due to attachment content filtering. You can block. quarantine. Attachment Content Filtering .Outbound Mail Custom Content Filters . The online help for the BLOCK/ACCEPT > Content Filtering page includes a link to a Regular Expressions help page that covers text patterns you can use for advanced filtering.Content Analysis .

Outbound Fingerprint Analysis captures a significant percentage of images after they have been seen. while Image Analysis techniques protect against new image variants.Image Analysis . also apply to outbound messages. 68 Barracuda Spam & Virus Firewall Administrator’s Guide . Image Analysis is configured on the BASIC > Spam Checking page. The techniques detailed in Image Analysis. page 57.

.... Once email passes through the CPL............... Advantages of Using Cloud-Based Protection......... 70 Configuring Cloud Protection Layer Spam & Virus Settings.....Chapter 7 Cloud-Based Protection The optional Cloud Protection Layer (CPL) feature of the Barracuda Spam & Virus Firewall is an additional layer of protection that blocks threats before they reach your network and provides email continuity..... recipient verification.... 71 Cloud-Based Protection 69 ...... You’ll use the Barracuda Control Center for central management of both your CPL and your Barracuda Spam & Virus Firewall(s) (see Using the Barracuda Control Center on page 112)...... 70 Setting Up Your Cloud Protection Layer ....... the Barracuda Spam & Virus Firewall filters email according to the more granular policies.............. quarantining and other features you configure on the system......................

If not. log in and skip to step 4. Click on the Cloud Protection Layer link and navigate to the DOMAINS > Domains page. Immediate Response – automatic updates in real-time leveraging threat intelligence from Barracuda Labs and Barracuda Central to continuously stay ahead of quickly morphing threats. enter the username and password you created for your Barracuda Networks account. refresh your browser page. If you already have an account. The CPL does not support tagging or quarantine of email. 5. 7. Click the Set up your Barracuda Control Center button.barracudanetworks. Setting Up Your Cloud Protection Layer Begin setup of your CPL by either creating an account with Barracuda Networks or logging in with your existing account. Click Yes for Connect to Barracuda Control Center to connect your Barracuda Spam & Virus Firewall to the Barracuda Control Center. From the product ADVANCED > Firmware Upgrade page. Enter your name and contact information. From the Sign In page. In another browser tab or window. business name and location. which offloads a significant volume of spam email to be filtered via the cloud. Note that the CPL can be configured with many of the same block/accept policies you would apply to the Barracuda Spam & Virus Firewall. 4. In the Barracuda Control Center window. or ‘nodes’ listed: • The Cloud Protection Layer node • Each Barracuda Spam & Virus Firewall with its serial number 3. Click on the Control Center link at the top of the page. You’ll see the Barracuda Control Center Status page and a message indicating that no products have yet been connected. but only provides the Block and Allow actions. Here are some of the great benefits of enabling this feature: • • • Dual Protection Points – comprehensive onsite and cloud-based threat protection including the Barracuda Anti-Virus Super Computing Grid and Barracuda Advanced Anti-Fraud Intelligence.Advantages of Using Cloud-Based Protection The CPL (CPL) provides yet another layer of security by pre-filtering inbound email for spam and viruses in the cloud before it reaches your actual network. the Spam & Virus Firewall group with two components. 8. log into your Barracuda Spam & Virus Firewall. Any additional user accounts you add at a later time will be listed on this page. download and install it now. From the ADVANCED > Control Center page. You should see. Email Burst Handling – email surge suppression during peak traffic and spam spikes. Make a note of your username (email address) and your password. check to make sure you have the latest firmware installed.com and click the Customer Login link in the upper right corner of the page. associated privileges. After submitting your new account information. click the Create a new account link. 2. and then click the Save Changes button. do the following: 70 Barracuda Spam & Virus Firewall Administrator’s Guide . Visit http://www. Note that your Barracuda Spam & Virus Firewall can connect with only one Barracuda Control Center account at a time. in the Products column in the left side of the page. you’ll see the Account > Users page which shows your account name. 6. For each domain for which you want the CPL to filter email. username and products you’ve associated with your Barracuda Networks account. 1.

BLOCK/ACCEPT and ADVANCED > Email Protocol pages. when you click on the Email Security group in the same pane. the CPL will not receive email for that domain. Important: If your Barracuda Spam & Virus Firewall is behind a firewall. Port field and click Add Domain. the CPL will not be able to validate your domains. To see how many messages were blocked by the CPL. the administrator can view the BASIC > Message Log page of the service to get an idea of how many messages are being blocked by the CPL. with reasons for each of those actions. then navigate to the BASIC > Status page. and the status of the domain in the table will change from Verify to Re-verify. Enter one of the domains you have configured on the Barracuda Spam & Virus Firewall using the New Domain Name field on this page. The CPL will verify domain ownership. the configuration on your Barracuda Spam & Virus Firewall will automatically be copied to your CPL so you don’t have to re-configure policy for your existing domains. For greatest security. Viewing Email Statistics When you click on the top level of the Barracuda Control Center Products list. Finally. change the MX Record of each domain you've added to that shown in the Manage Domains table. it is highly recommended that you enable virus scanning and Barracuda Real-Time Protection on the BASIC > Virus Scanning page in the CPL. Configuring Cloud Protection Layer Spam & Virus Settings You can configure most of the same filtering policies and SMTP settings in the CPL web interface that you can on your Barracuda Spam & Virus Firewall using the BASIC. Important: Initially. Repeat this step for each domain. In the Destination Server field. This page shows you ONLY statistics for inbound traffic through the CPL. 8d. click on that link under the Email Security group in the Products list and navigate to the BASIC > Status page. but not always. the IP Address from the BASIC > IP Configuration page. enter the external facing IP address of your Barracuda Spam & Virus Firewall. 9. To see how many messages were blocked by one or more of your Barracuda Spam & Virus Firewalls. If you have not verified ownership of the domain. Cloud-Based Protection 71 .8a. You can then edit policies in the CPL if needed. Use these traffic profiles along with the Message Log to determine how to best tune your spam policies. you’ll see statistics for all inbound mail through both the CPL and all inbound and outbound mail for the Barracuda Spam & Virus Firewall. expand the All Spam & Virus Firewalls link and click on the system you want to view. However. This is typically. Reviewing the log will give an idea of how current CPL (as well as Barracuda Spam & Virus Firewall) settings are filtering messages. 8b. 8c. Add the port of the destination server in the Dest. you will see statistics for ALL of your products. including the CPL for your Barracuda Spam & Virus Firewall.f Monitor Incoming Emails Once email is flowing through the CPL.

Messages that are Allowed passed through filters in both the CPL and the Barracuda Spam & Virus Firewall. Remember that only the Barracuda Spam & Virus Firewall tags or quarantine messages. 72 Barracuda Spam & Virus Firewall Administrator’s Guide . the Reason column in the log indicates whether the message was blocked by the CPL or the Barracuda Spam & Virus Firewall. where ‘123456’ represents the serial number.Integration With the Barracuda Spam & Virus Firewall The CPL Message Log fully integrates inbound email activity processed by the CPL with inbound email activity processed by the Barracuda Spam & Virus Firewall. For the Barracuda Spam & Virus Firewall.You can look in the Reason column The Action and Reason columns in the CPL Message Log are the key to seeing how the CPL blocks spam and virus threats before they reach your network. For messages blocked by the CPL. the Reason value will be appended by [Cloud Protection Layer]. the Reason value will be appended by [BAR-SF123456]. For blocked messages.

........................................ recipient verification.......... 74 Recipient Verification.............. Sender Authentication .......................................................... 81 Remote Administration.............Chapter 8 Advanced Configuration This chapter covers advanced administration topics including configuring sender authentication........... clustering the Barracuda Spam & Virus Firewall and remote administration via the Barracuda API........................................................ 82 Advanced Configuration 73 .......... advanced networking topics................................................ 77 Clustering the Barracuda Spam & Virus Firewall .............................................................................. 76 Remote IMAP/POP Accounts ....... 77 Advanced Networking ........................................................................................ 80 Non-Delivery Reports (NDRs) .......

Mail Protocol (SMTP) Checking The Barracuda Spam & Virus Firewall can perform thorough checks on incoming email for RFC 821 compliance. Sender Spoof Protection The Barracuda Spam & Virus Firewall has the option to prevent “spoofing” of an organization’s own domain by blocking emails with that domain name in the “From” field that are sent from outside the organization. Each blocked message is recorded in the Message Log with the reason "Invalid Bounce".. any bounced email received by the Barracuda Spam & Virus Firewall that does not include that tag is blocked. Configure Invalid Bounce Suppression on the BLOCK/ACCEPT > Sender Authentication page and enter a Bounce Suppression Shared Secret as a non-null password which will be included in the headers of valid emails sent from and bounced back to the Barracuda Spam & Virus Firewall. Note that sender spoof protection should not be enabled if the organization sends messages from outside their internal email infrastructure (e. refer to Configure Scanning of Outgoing Mail. the Barracuda Spam & Virus Firewall must have Outbound Relay configured on the BASIC > Outbound page. page 35. i. you don’t want to get bounced messages from spammers who spoof your domain or email address. in the case of marketing bulk-mail services). Note To use the Invalid Bounce Suppression feature. The Sender Spoof Protection feature can be configured at the global level from the ADVANCED > Email Protocol page or at the per-domain level on the DOMAINS > Manage Domain > ADVANCED > Email Protocol page.. The following techniques are used to verify the “from” address of a message.Sender Authentication This is a key feature of the Barracuda Spam & Virus Firewall for protecting your network and users from spammers who might “spoof” a domain or otherwise hide the identity of the true sender. Invalid Bounce Suppression The Invalid Bounce Suppression feature is used to determine whether or not the bounce address specified in a message is valid..e. and otherwise manage SMTP protocol to block spammers. 74 Barracuda Spam & Virus Firewall Administrator’s Guide . Note that if the administrator enables Sender Spoof Protection at the global level it will supersede any whitelist entry created at the per-user level by a User.g. For more details about Outbound Relay. Helpdesk or Domain Admin account holder. Email bounces that don’t include the password will be blocked if this feature is enabled. this feature is labeled as Reject messages from my domain. With Invalid Bounce Suppression enabled. At the domain level. Every email sent from the Barracuda Spam & Virus Firewall is tagged with an encrypted password and expiration time. however. require mail clients to introduce themselves with an SMTP "HELO" or "EHLO" command before stating a sender. It is designed to reduce the number of bounce messages to forged return addresses. See the ADVANCED > Email Protocol page for these and other optional SMTP settings.

which is used for the delivery of messages. it will be allowed to go on to the next stage of processing.org. Domain Keys (DKIM) Inspection DomainKeys is a method of email authentication that enables a sending domain to cryptographically sign outgoing messages.In a clustered environment.openspf. The Barracuda Spam & Virus Firewall scans the IP addresses in the Received From headers list of each email and performs an SPF check on the first IP address that is not in the list of Trusted Forwarders. SPF works by having domains publish reverse MX records to display which machines (IP addresses) are designated as valid mail sending machines for that domain. the Bounce Suppression Shared Secret will be synchronized across all Barracuda Spam & Virus Firewalls in the cluster. The recommended setting is to Tag messages identified by SPF as spam so that if there is any possibility that a message is legitimate. as well as rate control and IP Reputation checks. the Barracuda Spam & Virus Firewall knows it contains a spoofed address or has been tampered with or changed. the recipient can check those records to make sure mail is coming from a designated sending machine. the Barracuda Spam & Virus Firewall can check the signature of the message to verify that the message is. on the BASIC > IP Configuration page. For more information on SPF. the default setting for the Enable SPF feature on the BLOCK/ACCEPT > Sender Authentication page is No (off). indeed. Because most spam messages contain spoofed addresses. When receiving a message from a domain. The benefits of enabling this feature include: • Email sender is validated • Email body is validated Advanced Configuration 75 . For incoming messages. DomainKeys uses a public and private key-pairs system. If the incoming message cannot be verified. it will retrieve the public key from the sending server's DNS records and then compare that key with the message's DomainKeys signature to determine its validity. which will be ignored when performing SPF checks.Trusted Forwarders You may specify a list of Trusted Forwarder IP addresses. for this reason. The current version of SPF protects the envelope sender address. Trusted Forwarders are mail servers that are set up specifically to forward email to the Barracuda Spam & Virus Firewall from outside sources. Exemptions from SPF Checking . Sender Policy Framework (SPF) Sender Policy Framework (SPF) is an open standard specifying a method to prevent sender address forgery. please visit http://www. When receiving a message from a domain. when the Barracuda Spam & Virus Firewall sees that a message has been signed. Enabling this feature does create more performance overhead for the system due to the multiple DNS queries needed to retrieve a domain's SPF record. An encrypted public key is published to the sending server's DNS records and then each outgoing message is signed by the server using the corresponding encrypted private key. from the sending domain and that the message has not been tampered with. it may be spam. DomainKeys can help greatly in the reduction of spam. allowing the sending domain to assert responsibility for a message. If the message fails the SFP check. Messages that fail SPF check can be tagged or blocked and will be logged as such.

Valid Recipients (Explicitly Accepted Users) can be specified either at the global level from the ADVANCED > Explicit Users page or at the per-domain level from the DOMAINS > Domain Manager > USERS > Valid Recipients page. the Barracuda Spam & Virus Firewall provides a local database with which email recipients can be compared for validation. If LDAP is not configured. depending on how you configure DomainKeys Inspection on the BLOCK/ACCEPT > Sender Authentication page. 76 Barracuda Spam & Virus Firewall Administrator’s Guide . You can also exempt domains from being tagged. the maximum is 1000 per domain. Recipient Verification LDAP lookup On the Barracuda Spam & Virus Firewall 300 and higher. it is safest to NOT exempt domain names from any kind of spam filtering due to the possibility of domain name spoofing by spammers. block or quarantine both DKIM signed messages that fail the DKIM database check as well as unsigned messages. and on the Barracuda Spam & Virus Firewall 800 and above. Domino Directory and OpenLDAP. Custom policies Organizations can define their own allowed sender domains or email addresses for sender authentication using the BLOCK/ACCEPT > Sender Filters page. the limit is 5000 per domain. Note that the number of entries in the text box for Explicitly Accepted Users and Alias Linking is limited by model: on the Barracuda Spam & Virus Firewall 600 and lower. quarantine or tag) their domain names on the BLOCK/ACCEPT > Sender Filters page to prevent domain name spoofing. See the online help on that page for details about entering your server details. Explicit Users to Accept For (Valid Recipients) If LDAP lookup is not being used for recipient verification. quarantined or blocked if they fail this check. Novell eDirectory. DomainKeys inspection does require more CPU resources to encrypt & decrypt the key and is turned off by default. Configuration of LDAP lookup is done by domain from the DOMAINS > Domain Manager page. As stated elsewhere in this guide. you’ll configure LDAP on the USERS > LDAP Configuration page. the Barracuda Spam & Virus Firewall will do SMTP recipient verification through RCPT TO commands. email recipients can be validated with your existing LDAP server. LDAP server types supported include Active Directory. After clicking Manage Domain for the selected domain. but the safest way to indicate valid senders on the Barracuda Spam & Virus Firewall is to whitelist (allow) the IP addresses of trusted email servers on the BLOCK/ACCEPT > IP Filters page. then blocklist (block.• Validation through DNS is difficult to foil • DomainKeys works well with email forwarding because it doesn’t deal with the relay server IP address You can choose to tag.

To administer the local database, either at the global or domain level, fill in the text box in the Explicit Users to Accept For section of the page, entering each email address for which the Barracuda Spam & Virus Firewall should accept email. If you select Yes for the Only accept email for these recipients feature, email will REJECTED for any email recipients not in the list. Note that domainspecific lists override the global list.

Alias Linking
Alias linking allows quarantined email from multiple accounts to be directed to one account when using per-user quarantine. In the ADVANCED > Explicit Users page you can specify the email addresses to be linked together in the Explicit Users to Accept For and Alias Linking text box. See the online help on that page for more details.The quarantine account for all of the linked email addresses will be associated with the first email address. Make sure to also enter the first email address on a separate line as well. In this way, a "catchall" account can be created to receive all quarantined emails from a particular domain.

Remote IMAP/POP Accounts
The Barracuda Spam & Virus Firewall provides an email-retrieval and forwarding utility which fetches email from remote mail servers and forwards it to your local machine's delivery system. You can repeatedly poll each account at a specified interval. This utility can gather mail from servers supporting POP3 and IMAP and is configured from the ADVANCED > Remote IMAP/POP page. Note that all email will be DELETED from the remote mail server after retrieval by the Barracuda Spam & Virus Firewall. There are two types of operations for each account from which the Remote Accounts utility retrieves mail: Global and User. With the User type, it is assumed that all messages in the user's account are intended for a single recipient. The Global type is used when multiple recipients under the same domain are specified for a particular server account. From the ADVANCED > Remote IMAP/POP page you can specify polling interval, SSL (yes/no), user account passwords and email addresses.

Clustering the Barracuda Spam & Virus Firewall
Deploying clustered Barracuda Spam & Virus Firewalls is easy - once you configure one of the devices, configuration settings are synchronized across the cluster almost immediately. Clustered systems can be geographically dispersed and do not need to be located on the same network. Every Barracuda Spam & Virus Firewall in a cluster must be the same model (400 and above) and have the same version of firmware installed. Instructions to set up and configure a Barracuda Spam & Virus Firewall cluster, including removing a system from the cluster, are detailed on the ADVANCED > Clustering page. IMPORTANT: When replacing a failed system in a cluster, be sure to follow step #3 as described below under Removing a Barracuda Spam & Virus Firewall From a Cluster, page 79.

Advanced Configuration 77

Setting Up Clustered Systems
To cluster two Barracuda Spam & Virus Firewalls together, where one system is designated as “Barracuda1” and the other is designated “Barracuda2”, do the following:
1. 2.

Complete the installation process for each system as described in Install the Barracuda Spam & Virus Firewall, page 29. From the ADVANCED > Task Manager page on the Barracuda1 system, verify that no processes are running. Complete this step for the Barracuda2 system as well. No processes should be running when you add a system to a cluster. From the ADVANCED > Clustering page on the Barracuda1 system, enter a Shared Secret password for the cluster, and click Save Changes. From the ADVANCED > Clustering page on the Barracuda2 system, do the following:
4a. Enter the same Shared Secret password, and click Save Changes. 4b. In the Clustered Systems section, enter the IP address of the Barracuda1 system and click Join Cluster.

3. 4.

5.

On each Barracuda system, refresh the ADVANCED > Clustering page, and verify that: • Each system’s IP address appears in the Clustered Systems list • The status of each server is green

The following example shows two servers in a cluster with a green status.

Figure 8.1: Two Barracuda Spam & Virus Firewall systems in a cluster

Make sure each clustered server’s IP address appears in this list.

Make sure the status of each server is green.

6.

Distribute the incoming mail traffic to each Barracuda Spam & Virus Firewall using a Barracuda Load Balancer (preferred) or another load balancing device, or use multiple DNS MX records of equal priority. Each Barracuda Spam & Virus Firewall in a cluster must be on exactly the same firmware version. See the online help on the ADVANCED > Clustering page for instructions in updating the firmware on all systems in the cluster at the same time.

7.

78

Barracuda Spam & Virus Firewall Administrator’s Guide

Removing a Barracuda Spam & Virus Firewall From a Cluster
1.

Log into the system to be removed and change or clear the Cluster Shared Secret on the ADVANCED > Clustering page. Click Save Changes. Changing the cluster shared secret prevents the systems in the cluster from communicating with one another. On the same system, delete all other systems from the Clustered Systems list. On any system that remains in the cluster, go to the ADVANCED > Clustering page. In the Clustered Systems list, delete the system to be removed from the cluster. This step is very important when removing a failed Barracuda Spam & Virus Firewall from a cluster.

2. 3.

Centralized Policy Management With a Quarantine Host
You can optionally designate one Barracuda Spam & Virus Firewall as the “host” of the cluster such that all administration of configuration settings and access to per-user quarantine for the cluster can only be accessed and set from that node. This option has two advantages: it provides for additional security by limiting access to administration of the cluster, and it protects the user interface from mail processing load since, with this configuration, you do not direct any email traffic to the host node. If you want to set up one Barracuda Spam & Virus Firewall as the host of the cluster, enter the hostname of that device in the Quarantine Host field on the BASIC > Quarantine page and do not direct any email to that device.

Redundancy of user quarantine data on the cluster
Each user account has a primary and backup server in the cluster. Regardless of how many Barracuda Spam & Virus Firewalls there are in the cluster, there are always two appliances that have the same quarantine information (configuration and quarantine messages).

Data Not Synchronized Across the Cluster
Clustering not only makes managing multiple Barracuda Spam & Virus Firewalls more manageable, it also provides 100% redundant coverage of the propagated data. However, for practical reasons, some data is not propagated to the other clustered systems when a new system joins. Energize updates do not synchronize across systems in a cluster. The following Barracuda Spam & Virus Firewall configurations are considered unique and will not sync to match other Barracuda Spam & Virus Firewalls in a cluster: • IP Address, Subnet Mask, and Default Gateway (on the BASIC > IP Configuration page) • Primary DNS Server and Secondary DNS Server (on the BASIC > IP Configuration page) • Serial number (this will never change) • hostname (on the BASIC > IP Configuration page) • Any advanced IP configuration (Barracuda Spam & Virus Firewall 600 and above, on the ADVANCED > Advanced Networking page) • Administrator password • Guest password • Time Zone (on the BASIC > Administration page)

Advanced Configuration 79

This is a per-domain setting. if enabled and used. though this must be the same for the cluster to work properly (on the ADVANCED > Clustering page) • Local Host Map (on the ADVANCED > Clustering page) • SMTP Welcome Banner (on the ADVANCED > Email Protocol page) • Web Interface HTTP Port (on the BASIC > Administration page) • Web Interface HTTPS/SSL port (on the ADVANCED > Secure Administration page) • Any other secure administration configuration. filtering email for domains on separate networks and improving throughput. including saved certificates (on the ADVANCED > Secure Administration page) • Quarantine Host (on the BASIC > Quarantine page) • All SSL/TLS information. when you install the Barracuda Spam & Virus Firewall between the Internet and your mail server. • The Valid Recipients list on the DOMAINS > Manage Domain > USERS > Valid Recipients page. Advanced Networking Port Forwarding If your organization has a single public IP address. you can forward incoming SMTP traffic (port 25) from port 80 on the Barracuda to your mail server using the Port Forwarding feature from the ADVANCED > Advanced Networking page. Static Routes You can specify a default gateway between the Barracuda Spam & Virus Firewall and a mail server on another subnet in your organization using the Static Routes feature on the ADVANCED > 80 Barracuda Spam & Virus Firewall Administrator’s Guide . on the ADVANCED > Explicit Users page.• Cluster hostname (on the ADVANCED > Clustering page) • Cluster Shared Secret. This is a global setting. Up to 250 IP addresses can be configured per NIC. you can configure each of the two Ethernet (NICS) interfaces directly from the ADVANCED > Advanced Networking page to accept email on both interfaces or to route ingress email to one NIC and egress through the other NIC. Configuring the Network Interfaces With the Barracuda Spam & Virus Firewall 600 and higher. Benefits of this feature include redundancy. on the ADVANCED > Advanced Appearance page) • The Explicit Users To Accept For list. including saved certificates (on the ADVANCED > SMTP/TLS page) • Whether to only display local messages in the message log (Only view local messages on the BASIC > Message Log > Preferences page) • Whether the latest release notes have been read • All customized branding (Barracuda Spam & Virus Firewall 600 and above.

Non-Delivery Reports (NDRs) Spam Bounce Non-Delivery Reports (NDRs) The Barracuda Spam & Virus Firewall sends NDRs to email recipients and senders when one of their messages is blocked. Sending bounce messages to illegitimate senders. The NDR contains a brief explanation of why the Barracuda Spam & Virus Firewall blocked the message. Loopback Adapter If you want to use this Barracuda Spam & Virus Firewall with a Barracuda Load Balancer in Direct Server Return mode. is known as “backscatter”. If your Barracuda Spam & Virus Firewall rarely blocks a legitimate email. Reducing Backscatter By default. then sending a bounce notification is not necessary. However. If you are using any other mode you do not need to make any changes to the Barracuda Spam & Virus Firewall configuration. Each Virtual IP address supported by the Real Server (the Barracuda Spam & Virus Firewall in this case) requires its own loopback adapter. your domain could end up on a real-time blocklist as a consequence. Information that you may want to add to an NDR includes the contact information of the Barracuda Spam & Virus Firewall administrator so that internal users know who to contact if they have questions about a blocked message. You may want to enable NDRs to alert legitimate senders that their message has not been delivered to the recipient. enter a Virtual IP address in the Loopback Adapter Configuration field on the ADVANCED > Advanced Networking page. The ADVANCED > Bounce/NDR Messages page allows for customizing the information in an NDR and for selecting the default language to use in the message. Advanced Configuration 81 . many spammers spoof valid domains.Advanced Networking page. For each loopback adapter. Additionally. if the email came from an illegitimate source such as a spammer. you must enable a non-ARPing loopback adapter. or to senders who were spoofed and did not actually send the offending message. Additionally. and you don’t want to send bounce messages to your domain if it is being spoofed. your Barracuda Spam & Virus Firewall is configured to NOT send an NDR to a sender when the Barracuda Spam & Virus Firewall blocks their email. This will guarantee that return traffic is routed back to the Barracuda Spam & Virus Firewall from the unassociated network. consider turning off bounce notifications to reduce backscatter by setting the Send Bounce feature on the ADVANCED > Bounce/NDR Settings page to No. Backscatter can increase the load on your Barracuda Spam & Virus Firewall and may generate a lot of email to fake addresses or to senders whose email addresses were spoofed by a spammer.

To view the variables and current settings of the Barracuda Spam & Firewall configuration database. The framework of the API provides for the programmer to get or set variables inside an XML-RPC request that correspond to field values in the configuration database in the Barracuda Spam & Virus Firewall. For example.x. on the ADVANCED > Backup page. For more information on using the APIs. Some languages such as Perl. provide wrappers for XML-RPC requests. you must first enter the IP addresses that are allowed to communicate with the APIs in the Allowed SNMP and API IP/Range field on the BASIC > Administration page.barracuda. firmware version 4. providing an interface to form the request.Remote Administration Barracuda Networks provides a set of APIs for remote administration and configuration of the Barracuda Spam & Virus Firewall. from the BASIC > Spam Checking page. This includes most things that you can set by clicking the Save Changes button in the Barracuda Spam & Virus Firewall Web interface. and you must create an API Password that will be included with all calls to the APIs. These values can be set remotely using the APIs.com/support.x on the Barracuda Web site: http://www. To prepare the Barracuda Spam & Virus Firewall for use with the APIs. for example. see the Barracuda Spam & Virus Firewall API Guide 4. Tag or Quarantine. The APIs work through manipulation of variables inside of the system configuration database. and anything that can be declared in that database can be set or checked with the APIs. you can set global Spam Scoring Limit values for the actions Block. select System Configuration for Backup Type and click the Backup button. 82 Barracuda Spam & Virus Firewall Administrator’s Guide . then click the Save Changes button.

....... 84 Quarantine Options ........................................................................................... 84 Using Global Quarantine .......................... 86 Managing Inbound Quarantine 83 ........... 85 Using Per-user Quarantine . How Quarantine of Inbound Mail Works .....Chapter 9 Managing Inbound Quarantine The Barracuda Spam & Virus Firewall provides a fully featured. robust quarantine function to apply at either a global level or at a per-user level............ This chapter covers some pros and cons of enabling quarantine and how and why to use global or peruser quarantine............................ configurable for each domain managed by the appliance.............................................................

user accounts are created on the Barracuda Spam & Virus Firewall for users listed either in the authentication server (see Automatic Account Creation.How Quarantine of Inbound Mail Works After a message travels through the initial filtering layers of the Barracuda Spam & Virus Firewall. Quarantined messages need to be received and determined to either be delivered to the user’s regular email inbox or deleted. or if you want to reduce load on the mail server while giving users a chance to determine what they consider to be “spam” or “not spam”. no messages are stored on the Barracuda Spam & Virus Firewall. depending on what the administrator enables on the USERS > User Features page at the global level and what the Domain Admin role enables on the USERS > User Features page at the domain level. content filters and other filtering tools in the BLOCK/ACCEPT pages. in the case of per-user quarantine. for example. As the administrator. Quarantine can be enabled or disabled completely. it is assigned a score based on the probability that it is spam. the Barracuda Spam & Virus Firewall does not quarantine incoming messages. IP address. for example. 84 Barracuda Spam & Virus Firewall Administrator’s Guide . messages can be scheduled for regular purging based on age and/or size (see Retention Policy and Purging Old Messages 89). saves system resources that would otherwise be used to store the messages until the user delivers or deletes them. page 94) or in the local database on the Barracuda Spam & Virus Firewall. Spam Scoring and some block/accept policy settings can be further refined at the domain level and/or per-user level. thereby conserving system resources on the Barracuda Spam & Virus Firewall. your organization requires it. quarantine or block. to a special “quarantine inbox” assigned to a user or to a “global” quarantine mailbox designated by the administrator. all quarantined mail is sent to the Quarantine Delivery Address you specify on the BASIC > Quarantine page. as set on the BASIC > Spam Checking page. • Messages can also be determined to be quarantined (as opposed to allowed. page 96. Alternatively. The three options available for configuring quarantine with the Barracuda Spam & Virus Firewall and the pros and cons of each are described below. region. with the subject text modified to indicate that the message might be spam. If it is enabled at the Per-User level. Quarantine Options By default. Quarantining the message means that the message will either be delivered. • • Tagging the message means the user will receive the message in their regular mailbox with the subject text modified to indicate that the message might be spam. blocked or tagged) by custom policies you set based on domain name. Disabling quarantine means less management either by the administrator or by the user and. If it is enabled at the Global level. Blocking the message means it will not be delivered. The administrator can decide how to deal with messages based on the Spam Scoring levels (from 0 to 10): allow. Turning Quarantine Off Barracuda Networks recommends disabling quarantine unless. For more information on the Domain Admin and other account roles. please see Role-based Administration. your organization has a business requirement to provide quarantine of messages suspected to be spam or you don’t want those messages stored on the mail server. tag. but you may want to enable quarantine if. rather. you can configure a Retention Policy to limit the amount of disk space used for storing each user's quarantined messages.

Global quarantine identifies email to quarantine. Using Global Quarantine With global quarantine there is almost no difference in use of system resources versus having quarantine turned off because messages aren’t stored on the Barracuda Spam & Virus Firewall. Enabling global quarantine on the Barracuda Spam & Virus Firewall provides the administrator with complete control over how quarantined messages are handled. Allowing them this control by using per-user quarantine can help reduce the number of messages processed by the Barracuda Spam & Virus Firewall. To set up global quarantine. and it saves system resources because messages are not stored on the appliance. This allows you to identify quarantined messages when you have them delivered to a mailbox that also receives non-quarantine messages. Note: If you have a Barracuda Spam & Virus Firewall 400 or above. you can specify the quarantine delivery address on a per-domain basis by going to the DOMAINS tab and clicking the Manage Domains link. The default text is [QUAR]. You’ll need to enter a Quarantine Delivery Address: on the BASIC > Quarantine page. [QUAR]. Messages determined to be quarantined by the Barracuda Spam & Virus Firewall will have the subject line prepended by the Quarantine Subject Text: as entered on the BASIC > Quarantine page. To disable Quarantine completely. The subject line of each message is prepended with the Quarantine Subject Text (for example. users can communicate domains. with a keyword such as “[BULK]” prepended to the subject line. as specified on the same page). Managing Inbound Quarantine 85 . check the Disable check box next to “Quarantine” in the Spam Scoring Limits section of the BASIC > Spam Checking page. can be filtered by the subject line to a separate folder for later examination by the user (see the BASIC > Spam Checking page and the BLOCK/ACCEPT pages to configure spam scoring and criteria for tagging messages). if using global quarantine. Note that with global quarantine. then using the BASIC > Quarantine page for that domain to configure the address. Global Quarantine can be enabled at the system level or at the domain level.This mailbox can either be on the mail server that the Barracuda Spam & Virus Firewall protects or a remote mail server. users will have no control over whitelisting or blocklisting of email addresses. IP addresses or email addresses that should be white or blocklisted to the administrator to configure at the global level. thus saving system resources • The user doesn’t have an extra quarantine inbox to manage • Tagged messages.An alternative to using quarantine is tagging email that may be spam based on scoring or are otherwise identified as possible spam. However. rewrites the “From” address of the message and sends it to the Quarantine Delivery Address specified on the BASIC > Quarantine page. Global quarantine does require some time and effort by the administrator to manage quarantined messages. Benefits include: • No messages are stored on the Barracuda Spam & Virus Firewall. From the BASIC > Quarantine page. they are forwarded to a mailbox as designated by the administrator. make sure that the Disable check box next to Quarantine in the Spam Scoring Limits section is NOT checked. select the Quarantine Type to Global and configure settings as described below for Global Quarantine. from the BASIC > Spam Checking page. which they do have with per-user quarantine.

If the email patterns of your organization are such that many emails include large attachments (as with architecture firms. To set up per-user quarantine. You may employ one or more “power users” to manage it. See the Mail/Log Storage indicator in the Performance Statistics pane of the BASIC > Status page to monitor disk storage on the Barracuda Spam & Virus Firewall. select the Quarantine Type to be Per-User and configure settings as described below for Global Quarantine. If Per-User quarantine is set by the administrator or the Domain Admin can either enable or disable Per-User quarantine at the domain level. The Linking Domains feature. keep in mind that quarantined email stored on the Barracuda Spam & Virus Firewall requires storage capacity. marketing firms. the Barracuda Spam & Virus Firewall will automatically create quarantine accounts for all users listed in the authentication server or local database as configured at the domain level. You can also allow the user to control their whitelist (allowed) and blocklist (blocked) of email addresses. If a user's quarantine inbox is disabled (by an administrator or a Domain Admin or Helpdesk account. Using only one quarantine inbox for all users greatly simplifies management of per-user quarantine because you only have to configure user features (from the BASIC > User Features page) for ONE inbox. or allow all users to log in to the same inbox. On the BASIC > Quarantine page. be sure to set a Retention Policy before enabling per-user quarantine in order to prevent running out of quarantine space. so system load will vary with the average size of emails. Note For the Barracuda Spam & Virus Firewall 300 and higher. them. or by the user). you may want to only provide a quarantine inbox to a subset of power users. allows the 86 Barracuda Spam & Virus Firewall Administrator’s Guide .). Account holders can the log into the Barracuda Spam & Virus Firewall and view their Quarantine Inbox to view and take actions with quarantined messages. the system may push the edge of performance more quickly than if emails tend to be small in size. etc. emails sent to that user that would normally have been placed in quarantine will simply be delivered to the user's regular mailbox with the subject line prepended with a quarantine tag. When enabling per-user quarantine on the Barracuda Spam & Virus Firewall. Since per-user quarantine entails storing quarantined messages on the Barracuda Spam & Virus Firewall until the user delivers or deletes.Using Per-user Quarantine Providing a user with a quarantine inbox gives them greater control over how their messages are quarantined. You can alternatively decide this for the user and prevent them from accessing this setting. but also requires them to manage their quarantine inbox on the Barracuda Spam & Virus Firewall. configurable on the BASIC > Quarantine page. the first thing to do is to enable quarantine using the Spam Scoring Limits on the BASIC> Spam Checking page. You can choose to allow the user to decide whether to deliver quarantined messages to their regular email address associated with their account or to their quarantine inbox. Where Do the Quarantined Messages Go? If the administrator sets Quarantine Type to Per-User on the BASIC > Quarantine page and the New User Quarantine State feature is set to On. Linking Domains for One Quarantine Inbox In some cases it may be practical to direct all quarantined email to one quarantine inbox on the Barracuda Spam & Virus Firewall.

com when determining user validity and preferences. is not considered a Valid Recipient. using the Explicit Users to Accept For section of the USERS > Valid Recipients page. Alias Linking This feature allows one quarantine account to receive quarantined email for multiple accounts. deliver or delete quarantined emails from the QUARANTINE INBOX page and configure their account settings from the PREFERENCES page to the extent that their account permissions allow as described below under Controlling Access to Account Features.allow the account holder to enable their quarantine inbox on the Barracuda Spam & Virus Firewall.allow the account holder to enable or disable Edit frequency at which quarantine notifications are sent to the account holder Add addresses and domains to a whitelist or blocklist Use Bayesian filtering Allow account holder to set their own tag. quarantine and block levels according to spam scoring • • • • • Managing Inbound Quarantine 87 . and will have a quarantine inbox under the name user@mybarracuda.com. For example.com will be treated as user@mybarracuda. They can view and choose to whitelist. The Quarantine Inbox When an account holder with the User role logs in to the Barracuda Spam & Virus Firewall they’ll see the QUARANTINE INBOX and PREFERENCES tabs. the Domain Admin role will not see or be able to control that setting for accounts in domains that they manage.option for all domains protected by this Barracuda Spam & Virus Firewall be treated as if they were alternate names for the default domain name for the system. Domain Admin and Helpdesk account holders will see the QUARANTINE INBOX and PREFERENCES tabs when they click the Manage Account link in the upper-right corner of the Web interface. page 87. then user@domain1. if entered on one line only with associated accounts for which it should receive email. Spam scanning . permissions are automatically assigned for users to manage their account features based on what is configured on the USERS > User Features page in the Default User Features section. if the Default Domain for the system as specified on the BASIC > IP Configuration page is mybarracuda. Configurable user account features include: • Quarantine Inbox . please see the Barracuda Spam & Virus Firewall User's Guide at http://www. For details on how all account holders manage their quarantine inbox. This account needs to be added on a separate line to also be considered a Valid Recipient.barracudanetworks. The quarantine account that receives quarantined email for other accounts does not need to belong to the same domain as the others. if the Whitelist/blocklist feature is set to No (disabled) at the global level in the Default User Features section of the USERS > User Features page. Note that this account. Controlling Access to Account Features When accounts are created by the Barracuda Spam & Virus Firewall. or disable it such that quarantined message go to their regular email inbox.com. So.com/documentation. Domain Admin roles can further limit user access to these features based on what the administrator has enabled at the global level. for example.

Quarantine Notifications The Barracuda Spam & Virus Firewall can send notifications that a user has quarantined messages at predefined intervals and in selected languages. Domain Admin and Helpdesk roles can view and set override of user feature defaults ONLY for features that are enabled in the Default User Features section by the administrator. page 94). disabling certain features that were enabled at the global level by the administrator) at the domain level for account holders in the domain. Users can override the Notification Interval of daily. In this example. In the User Account text box in the User Account Create/Update section of the USERS > User Add/Update page. Consequently. For this reason. Because creating a quarantine digest for each user requires lots of system I/O. 88 Barracuda Spam & Virus Firewall Administrator’s Guide .If allowed permissions by the administrator. weekly or never from their PREFERENCES tab if enabled by the administrator. but also requires them to manage their quarantine queue. Set the Email New User(s):option to Yes to email login information to the new users. nothing will appear on the USERS > User Features page for Domain Admin and Helpdesk roles if all Default User Features options have been set to No by the administrator. Assigning Quarantine Inbox Permissions to Selected Users One of the most common scenarios for overriding quarantine settings is when you want to provide a few “power users” with a quarantine inbox on the Barracuda Spam & Virus Firewall and have the rest of your users receive quarantine messages in their standard email inbox. it is recommended to set the Notification Start Time on the BASIC > Quarantine page to outside of peak traffic time frames during the weekday. Set the New User Quarantine State: to Off so that accounts are not automatically created by the Barracuda Spam & Virus Firewall when needed (for conditions under which new accounts can be automatically created. enter the email addresses of the users you for whom you want to create a quarantine inbox and set Enable User(s) Quarantine to Yes in the same section. Providing a user with a quarantine inbox gives them greater control over how their messages are quarantined. Enable the features you want those account holders to be able to manage for their accounts on the USERS > User Features page. the Domain Admin can edit the Default User Features settings (i. Overriding Default Account Features Settings The User Features Override section of the USERS > User Features page allows you to make exceptions to the rules specified above for particular account holders. you would do the following: • • Set the quarantine type to Per-user on the BASIC > Quarantine page. The notification interval and email address can be set at the global level on the BASIC > Quarantine page and overridden at the domain level if allowed by the administrator. you should remove any mailing lists you may have added on the ADVANCED > Explicit Users page and public folders so no per-user accounts are created based on those email addresses. User overrides only apply when the domain level setting in Default User Features matches the global setting. • • • Note If you enable user quarantine. The default start time is 3:35pm (15:35). you may only want to provide a quarantine inbox to a subset of sophisticated users. see Automatic Account Creation.e. The Helpdesk role does not have this permission.

since constant reliance on the Barracuda Spam & Virus Firewall to automatically remove quarantined messages based on either age or disk usage may impact system performance.g. the amount of email that is quarantined each day. At the domain level. Note that regardless of these settings. It is a recommended to set the Quarantine Host value. to enable users (including Domain Admin. For example. Note that sending multiple notifications could affect system performance. Managing Inbound Quarantine 89 .. if the maximum size limit on email size is 10MB and a quarantined email has a 19MB attachment. thereby conserving system resources on the Barracuda Spam & Virus Firewall. Each day the quarantine notification service runs for all users. or body filtering). Minimizing Excessive Storage of Email It is recommended that users be trained to manage their own quarantine areas. overriding the global setting. Setting the Age Limit to a 7-14 day range is recommended assuming that older quarantined emails may lose importance with time. Account holders can then access notification settings from their PREFERENCES > Quarantine page. and the number of tasks the system performs (e. make sure the Enable User Features setting on the BASIC > Quarantine page is turned On. be sure to open port 8000 on your firewall (or whatever port you are using for the Web interface) if you want the Barracuda Spam & Virus Firewall to send quarantine notifications outside of the network. Helpdesk and User roles) to manage quarantine notifications for their own accounts. If there is no new quarantined mail for a user since the last notification interval. you can enable the user to easily schedule quarantined messages for regular purging based on age (in number of days). Note If you enable quarantine notifications. Retention Policy and Purging Old Messages As the administrator. no messages younger than 3 days will be removed. giving the user time to examine and process that email before it is automatically deleted by the Barracuda Spam & Virus Firewall. From the USERS > Retention Policies page. How the Quarantine Digest Works The quarantine digest only goes out if new quarantined mail is saved in the user’s folder since the last notification cycle. no quarantine digest will be generated and sent to that user for that same 24 hour period. you can configure retention policy to limit the amount of disk space used for storing each user's quarantined messages. reporting. or if a user has logged into their account since the last notification interval. The Default Language used in notification emails can also be set from this page. The level at which performance is affected depends on the number of user quarantine areas that are kept on the Barracuda. Using this hostname as opposed to the system IP address (default) ensures that users are able to reach the Barracuda Spam & Virus Firewall from their old notifications even after any possible changes in IP addresses.Multiple quarantine notifications can be sent out in a 24 hour period to users that they have quarantined mail by entering multiple times for Notification Start Time. which appears as the sending hostname in all quarantine and welcome emails from the system. or both. the email will be retained for 3 days. disk space used (specified in kilobytes).

the first day retention policies are enabled results in an impact on system performance. Each account entry shows Yes/No in the Quarantine column (“Yes” indicates peruser quarantine is in effect for that user) and number of Kbytes of email stored in their quarantine inbox in the Size column. When a user's quarantine is disabled. Individual user quarantine areas can be disabled from the USERS > Add/Update page so that any repeat offenders can be prevented from utilizing the Barracuda Spam & Virus Firewall quarantine areas. The longer a system runs without retention policies.Use the filters on the USERS > Account View page to quickly determine which users have the largest quarantine areas. emails sent to that user that would normally have been placed in quarantine will simply be delivered to the user's actual mailbox with the subject line prepended with a quarantine tag. the load stabilizes as the system is able to keep large quarantine fluctuations to a minimum. Retention policies are run daily starting at approximately 02:30 AM. the larger the performance impact. Note When you enable retention policies. keep in mind that if your system has been accumulating email without retention policies for a period of time. After the first day or two. 90 Barracuda Spam & Virus Firewall Administrator’s Guide .

................... 92 Creating and Managing Accounts ........................... With the Barracuda Spam & Virus Firewall 300 and higher..... Creating and Managing Domains... With the Barracuda Spam & Virus Firewall 400 and higher.........Chapter 10 Managing Accounts and Domains If your Barracuda Spam & Virus Firewall is responsible for filtering messages for more than one mail server or domain. authentication and quarantine settings on a per-domain basis... you can configure various spam settings............... Use this chapter to understand managing user accounts and domains on the Barracuda Spam & Virus Firewall and configuring per-domain and per-user settings.................................... 93 Role-based Administration.. 96 Managing Accounts and Domains 91 ....... the domains associated with each mail server will need to be added to the system.............................. The Barracuda Spam & Virus Firewall 600 and higher supports per-user account spam score settings. filtering policy....... you can enable per-user quarantine and the system will create user accounts to enable access to quarantine settings and messages..................

BLOCK/ACCEPT. Settings for individual domains can be configured by the administrator and. This also means that any changes you make to the global values of the Barracuda Spam & Virus Firewall will NOT be inherited by the domains that you edit and for which you have changed configuration values. All three roles will see a DOMAINS tab from which they can click Manage Domain next to the domain for which to edit the domain-level settings. any global level changes to that feature will be applied for that domain. A confirmation dialog box will prompt you to confirm whether or not you want to delete a domain. Figure 10. with the domain level setting taking precedence.Creating and Managing Domains Your Barracuda Spam & Virus Firewall will only accept emails addressed to domains that it has been configured to recognize. page 96. by the Domain Admin and Helpdesk account roles as described below under Role-based Administration. Domains added from either page will be initially configured with whatever you have specified your default global settings to be. Clicking the Manage Domain link for a particular domain will show some or all of the BASIC. all user accounts associated with that domain will also be deleted from the Barracuda Spam & Virus Firewall. Additional settings available for a domain are 92 Barracuda Spam & Virus Firewall Administrator’s Guide . depending on the permissions level of the logged in account role. Note Setting values on a per-domain basis overrides the values configured at the global in the web interface. Only an administrator can add or delete domains using the controls available in the DOMAINS page.1: The administrator can add domains on which to filter email. with some restrictions. if you have never changed a particular setting for a domain. However. Basic configuration of a domain consists of identifying the name of the domain (and/or a specific subdomain) and specifying a destination mail server. The administrator can also add domains from the BASIC > IP Configuration page. USERS. OUTBOUND QUARANTINE and ADVANCED tabs. Domain Level Settings Some settings are only configurable at the domain level. while others are configurable at both the global and domain levels.The Domain Admin role or the administrator can override some global settings for spam and virus checking and quarantine at the domain level. If the administrator deletes a domain.

which includes permissions to configure all settings on the Barracuda Spam & Virus Firewall. with increased permissions. Creating and Managing Accounts There are two ways of creating user accounts on the Barracuda Spam & Virus Firewall . Depending on how the administrator configures the Barracuda Spam & Virus Firewall. accounts can include a quarantine inbox for individuals or may only provide users with the ability to manage their own whitelist and blocklist of email addresses and domains or spam scoring levels.deleting. • Auditor.org: option to require header. In addition to the administrator account role. four other account roles with associated levels of permissions are available: • User. • • • • • Note The Barracuda Spam & Virus Firewall 400 and higher contain support for APIs that can be used to automate the steps for creating and configuring multiple domains on the Barracuda Spam & Virus Firewall. rejecting or allowing delivery of messages based on policy. • Helpdesk (available on the Barracuda Spam & Virus Firewall 300 and higher). Sender domain. the default account role whose permissions are limited to managing their own quarantine account to the degree enabled by the administrator. page 87) A defined global quarantine email address (for the domain only) IP address/range. Note: BLOCK/ACCEPT policies created at the per-domain level do NOT apply to outbound messages . Sender email and Recipient filtering. Managing Accounts and Domains 93 .automatically and manually.dependent on the model of your Barracuda Spam & Virus Firewall. LDAP configuration Option to specify local database of valid recipients (if not using LDAP) and alias linking Single Sign On with various authentication mechanisms Emailreg. a unique account (you can only create one instance) whose role it is to monitor the Outbound Quarantine . Note that encryption policy can only be set at the global level by the administrator.they only apply to inbound messages for that domain. body or subject content filtering on mail from registered email addresses Ability to validate the domain and specify an image for branding encrypted email messages and notifications sent to the recipient. and can include any or all of the following: • • • • • • • Destination Mail Server Enabling of spam scanning and setting spam score limits for the domain Enabling or disabling virus scanning Per-user quarantine enable/disable Control over which features users can see and configure for their accounts (see Controlling Access to Account Features. This account already exists on the Barracuda Spam & Virus Firewall and must be enabled on the BASIC > Administration page.

page 83. page 96. Automatic Account Creation The Barracuda Spam & Virus Firewall automatically creates accounts when all of the following conditions are met: • • The New User Quarantine State features is set to On on the BASIC > Quarantine page: The administrator enables quarantine and sets quarantine type to per-user on the BASIC > Quarantine page. This helps prevent the Barracuda Spam & Virus Firewall from creating accounts for invalid users. The Barracuda Spam & Virus Firewall receives an email that needs to be quarantined. The Barracuda Spam & Virus Firewall uses the email address of the recipient as the username of the account and auto-generates a password. page 96 for more information about account roles and permissions) for the recipient if the address does not exist. To increase security. For more information on enabling quarantine. the Barracuda Spam & Virus Firewall sends the account holder an email with the login information so they can access their quarantine inbox. monitoring outbound quarantined mail and managing per-domain level settings on the Barracuda Spam & Virus Firewall. Once accounts are created. Thus you can delegate various levels of authority to members of your organization for administering quarantine accounts. 94 Barracuda Spam & Virus Firewall Administrator’s Guide . With Single Sign-On enabled. 5. as well as the Explicit Users to Accept For text box on the USERS > Valid Recipients page. Note The settings chosen in the Default User Features section of the USERS > User Features page are applied to all new accounts that are created. This feature is especially useful for ISPs/Web hosting providers to give helpdesk and more sophisticated technical support personnel access to domain and per-user account configuration for groups of users. each account (with the exception of Auditor) can be assigned a role other than the default User role from the USERS > Account View page at the global level or at the perdomain level. See Role-based Administration. 4. Places the quarantined message in the account holders’s quarantine inbox.• Domain Admin (available on the Barracuda Spam & Virus Firewall 600 and higher). you can configure the Barracuda Spam & Virus Firewall to validate the receiving email address (using LDAP or the SMTP command RCPT TO) before it creates an account. the account holder will be able to log into the Barracuda Spam & Virus Firewall with their regular network credentials. 3. Creates a new account with User level permissions (See Role-based Administration. 2. for details on role-based permissions and web interface navigation. which triggers creation of the account. • The Barracuda Spam & Virus Firewall automatic account creation process is as follows: 1. refer to Managing Inbound Quarantine. Sends a quarantine summary report to the account holder. If Single Sign-On is not enabled. This role can configure certain types of policy for the domains assigned to their account. the role with the most permissions other than the administrator. Checks the recipient email address against the Local database or the LDAP server as specified at the per-domain level on the USERS > Single Sign-On page (Barracuda Spam & Virus Firewall 400 and higher).

In that case. you will want to manually create user accounts with the USERS > User Add/Update page when you want to override the default quarantine. Account Creation by Users Another way to manually create accounts on the Barracuda Spam & Virus Firewall is to use the Create New Password button on the login page which new users can click to create an account with their email address as their username. Creating the account before the Barracuda Spam & Virus Firewall automatically creates it enables you to initially configure the account settings if they are different from the default settings for other users. Their password will be emailed to the email address they enter in the username field. enable the features over which you want those users to have control by entering the same list of new account names (email addresses) in the User Account(s): text box in the User Features Override section of the page. User accounts can be manually created in bulk as described below. For example. email will still be processed by the Barracuda Spam & Virus Firewall but unavailability of your LDAP server could result in creation of invalid quarantine accounts for unverified users on the Barracuda Spam & Virus Firewall. you can manually create user accounts for those individuals for whom it is appropriate. Manually Creating User Accounts In addition to the two cases mentioned above. Then. If enabling Single Sign-On for a domain. virus and spam checking settings for specific account holders. The Barracuda Spam & Virus Firewall allows for account holders to manage various aspects of spam and virus checking and whitelist/blocklist behavior for their email without having to have a quarantine inbox on the appliance.When to Disable Automatic Creation of Accounts If your LDAP server is running slowly. but create per-user settings for user control of spam and virus checking features. access to whitelist/blocklist capabilities. Managing Accounts and Domains 95 . but you don’t want to use resources on the Barracuda Spam & Virus Firewall to store quarantine messages. or you don’t want to have to train or depend on users to manage their quarantine inboxes. By doing this you can enable global quarantine. on the USERS > User Features page. etc. as described in the next section. if you want your users to be able to maintain their own whitelists and blocklists of email addresses and domains. account holders associated with that domain can log into the Web interface of the Barracuda Spam & Virus Firewall with their regular network credentials to manage their accounts. you can easily create accounts from the USERS > User Add/Update page for one or more users and disable their quarantine inbox(es). Another reason to disable automatic creation of accounts is that you may not want all of your users to have quarantine inboxes to manage. In this case it may be preferable to disable automatic account creation by setting the New User Quarantine State to Off from the BASIC > Quarantine page. See Enabling SSL for Administrators and Users. you should also configure HTTPS/SSL Access Only at the global level on the ADVANCED > Secure Administration page to protect the transmission of network passwords. and if Single Sign-On is enabled for a particular domain. Single Sign-On and User Authentication Single Sign-On is a per-domain setting on the Barracuda Spam & Firewall. page 38 to configure SSL on the Barracuda Spam & Virus Firewall 400 and higher.

which is what the Domain Admin and Helpdesk roles will see. or the name of the user account. from the DOMAINS page. in the User Features Override section of the page These features provide the user’s ability to enable or disable the following: • Whitelist/blocklist of email addresses and domains • Quarantine inbox • Notification settings . Those quarantined messages will have a tag prepended to the subject line indicating that the Barracuda Spam & Virus Firewall suspects the message to be spam. The administrator can step into the domain level scope of the web interface. The DOMAINS page represents the “top level” of navigation of the Web interface for Domain Admin and Helpdesk roles. page 84 for more information. as shown in Figure 10. quarantine and block score levels (Barracuda Spam & Virus Firewall 600 and higher) For all of the user features enabled by the administrator. and notification intervals • Use of a personal Bayesian database • Spam scanning (on/off) • Setting spam tag. BOTH the Domain Admin and Helpdesk account roles can override the global settings for existing accounts in the User Features Override section of the USERS > User Features page on a per-domain basis. in the Default User Features section of the page • For existing accounts. make sure that the Enable User Features setting on the BASIC > Quarantine page is turned On. 96 Barracuda Spam & Virus Firewall Administrator’s Guide . the domain being managed.Assigning Features to User Accounts The USERS > User Features page enables the administrator to enable or disable user control over their account settings: • For newly created accounts.2. the links in the upper right corner of the web interface will indicate the login name and. The Auditor role is different than the others in that there are only two pages in the web interface that are visible: the Outbound Quarantine page and the Password page. by selecting a domain to manage. See How Quarantine of Inbound Mail Works.email address for receiving a quarantine summary report. if in the domain level scope. Helpdesk and User roles) to edit preferences/user features for their accounts. One of the most common scenarios for overriding quarantine settings is when you want to provide a few “power”users with a quarantine inbox on the Barracuda Spam & Virus Firewall. with the rest of your users receiving quarantined messages in their standard email inbox. To enable account holders (including Domain Admin. the Domain Admin account role can override the global setting and disable any Default User Features for newly created accounts. Role-based Administration Roles and Navigating the Web Interface Depending on the login role.

2: The DOMAINS page as viewed by the Domain Admin or Helpdesk roles upon login. Figure 10. Domain Admin and Helpdesk roles can also edit their own personal account settings and quarantine inboxes. which is what the User role sees. Clicking on Manage Domain enables managing domain-level settings and user accounts for that domain. The Domain Admin or Helpdesk role can “drill down” another level by selecting an account associated with that domain to edit from the USERS > Account View page (see Figure 10.3).3: Drilling down from the DOMAINS page to account level Managing Accounts and Domains 97 . Editing an account displays the quarantine inbox and preferences for the account.Figure 10.

Clicking Edit Role brings up the Edit Role page. Figure 10. Role permissions are described in the next section. 98 Barracuda Spam & Virus Firewall Administrator’s Guide . The Auditor account is managed from the BASIC > Administration page. put the phrase "all_domains" in the Managed domains for: text box on the Edit Role page for that account as shown in Figure 10. The USERS > Account View page displays role types and whether or not each account has quarantine enabled. the administrator can manage accounts (other than the Auditor account) for all domains on the Barracuda Spam & Virus Firewall.Figure 10. Note that links in the upper right of the page always indicate the login name of the current account holder. the Log Off link and. as shown in Figure 10.6 for changing the account role from User (the default) to Helpdesk or Domain Admin and assigning domains for Helpdesk and Domain Admin account holders to manage. links to manage the system. editing account roles.7 instead of listing individual domains to manage. deleting invalid accounts as needed and changing account passwords. domains or user accounts.5: Account View from global scope as seen by the administrator. if applicable.4: Links enable Domain Admin role to return to DOMAINS page or edit account Editing Accounts and Assigning Roles From the USERS > Account View page in the global scope. To grant a Helpdesk or Domain Admin role permissions to manage ALL domains configured on the Barracuda Spam & Virus Firewall.

Create whitelists and blocklists for email addresses and domains. quarantine and block levels. User Role This is the default role assigned to newly created accounts and only provides the account holder with a view of their quarantine inbox and some account preference settings. Figure 10.Figure 10. depending on what has been enabled for their account.7: Assigning all_domains permissions on the Edit Role page. Manage a personal Bayesian database. delete quarantined messages. The User account holder will see the following page upon Managing Accounts and Domains 99 . Change password (if Single Sign-On authentication is not configured).6: The Edit Role page for assigning roles and domains to manage. whitelist.deliver. Management of quarantine inbox . Permissions may include: • • • • • Modify individual settings for quarantine. If granted the permission. spam tag. the User role can disable quarantine for their account such that all messages quarantined for that account holder’s email address(es) by the Barracuda Spam & Virus Firewall will be delivered to their regular email inbox.

See also Using Per-user Quarantine. • Log into an account with lesser permissions and manage the associated quarantine inbox . only those domains will appear in the DOMAINS page. however. quarantine enable/disable. which can only be generated at the global level by the administrator). Helpdesk Role . the Helpdesk account only administers two domains: 100 Barracuda Spam & Virus Firewall Administrator’s Guide . view the body of messages in the Message Log. This role has the User level permissions plus the ability to: • Override account settings for existing accounts for the domain(s) the Helpdesk account holder has permissions to manage.8: User role view of web interface. • Log into and manage the quarantine inbox of a Helpdesk or a Domain Admin who does not have all_domains permissions If the Helpdesk account holder only administers a subset of all domains configured on the Barracuda Spam & Virus Firewall. The Helpdesk role cannot. displaying the Quarantine inbox Helpdesk Role This role is available for the Barracuda Spam & Virus Firewall 300 and higher and can manage basic account settings for accounts associated with one or more domains and assist users with managing their quarantine inboxes. The administrator can enable the Helpdesk role to expand or limit user control over their spam scoring. A Helpdesk account holder with all_domains permission can also do the following: • Change the role of a Helpdesk account holder (to the User role) who does not have all_domains permissions.deliver. • View the Message Log for the domain(s) managed and deliver quarantined messages. • Edit account roles for account holders with lesser permissions. whitelist/blocklist.7). Figure 10.All_Domains Permissions The Helpdesk role has the above permissions for ALL domains configured on the Barracuda Spam & Virus Firewall if the Managed domains for: text box on the USERS > Account View > Edit Role page for this account holder includes the phrase "all_domains" (see Figure 10. • View domain-level status and reports (with the exception of the daily Traffic Summary. page 86. whitelist or delete messages. with option to set preferences (see Assigning Features to User Accounts. notification and Bayesian filtering settings. Here.login. page 96) and manage their quarantine inbox of messages.

11: On the USERS > Account View page. the Helpdesk account holder can manage the quarantine inbox and some account settings. as described above. the Helpdesk account holder can view and edit accounts and quarantine inboxes for the domain or manage their own account. the Helpdesk role sees a list of the accounts associated with the domain For any account holders listed for the domain.Figure 10. depending on their permissions level. Figure 10. Figure 10. can view reports and the Message Log for the selected domain and manage the quarantine inbox and settings for other account holders.9: A Helpdesk account holder sees a list of only domains that they manage Clicking on the Manage Domain link will show a subset of the web interface. The Helpdesk role sees basic email statistics.10: A Helpdesk account holder has a limited view of per-domain data and accounts From the USERS > Account View page. Managing Accounts and Domains 101 .

but you want your users to maintain their own whitelists and blocklists of email addresses and domains. In this case. • Deliver the message if necessary Domain Admin Role The Domain Admin role is available on the Barracuda Spam & Firewall 600 and higher and can configure all domain settings for designated domains as well as account settings for account holders who have lesser permissions.All_Domains Permissions The Domain Admin role has the above permissions for ALL domains configured on the Barracuda Spam & Virus Firewall if the Managed domains for: text box on the USERS > Account View > Edit Role page for this account holder includes the phrase "all_domains". plus the following. specify a global quarantine email address for designated domains. page 87) for designated domains. but want to control spam scoring and quarantine notification intervals for their incoming email. A Domain Admin account holder with all_domains permission can also do the following: • Create or change the role of a Domain Admin account holder who does not have all_domains permissions. Navigation of the web interface for the Domain Admin role follows the examples illustrated above for the Helpdesk role. • Enable or disable per-user quarantine at the domain level and. • Users don’t want to maintain two inboxes. • Create or edit a Helpdesk account with all_domains permissions. 102 Barracuda Spam & Virus Firewall Administrator’s Guide . • Log into and manage the quarantine inbox of a Domain Admin who does not have all_domains permissions.Example Helpdesk Use Cases • Disabling quarantine on the USERS > Add/Edit page for one or more users for reasons such as the following: • You don’t want to use Barracuda Spam & Virus Firewall resources to store quarantined email. all domains for which the Barracuda Spam & Virus Firewall filters email will appear in the DOMAINS page. • A User account holder needs help changing their password. • Enable or disable various Default User Features for new accounts (see Controlling Access to Account Features. Domain Admin Role . This role includes Helpdesk level permissions and use cases as described above plus the ability to: • View message contents (if privacy settings allow) for designated domains. if per-user quarantine is disabled. • A user needs to know why email from a particular address is getting blocked by the Barracuda Spam & Virus Firewall and the Helpdesk role can: • View the reason for blocking on the BASIC > Message Log page.

#3.12: The Domain Admin role can configure domain-level settings. Then manually associate all of the domains on the Barracuda Spam & Virus Firewall with this account by listing each domain on a separate line in the Domains Managed text box.Figure 10. Role Requirements: An account that will be able to: • • • • Monitor all configured domains Give others the ability to configure individual domain settings Will not be able to view message content Configure domain settings Solution: Create a Helpdesk account with all_domains permissions. This account can monitor and manage outgoing messages that have been quarantined due to policy. but cannot create or edit other accounts with the Domain Admin role. Role Requirements: An account that will be able to: • Monitor all configured domains • Create (only) end user accounts • Will not be able to view message content or configure domain settings Solution: Create a Helpdesk account that does not have all_domains permissions (this prevents the ability to create other Domain Admin or Helpdesk accounts). the Auditor can scan outgoing messages quarantined for content to determine if they are valid or not. Role Requirements: An account that can configure settings on all domains configured on your Barracuda Spam & Virus Firewall. For example. This will allow configuration of all domain settings. Auditor Account The Auditor account is a unique account to be given to a trusted individual in the organization. Use Case Scenarios For Role Assignments #1. If Managing Accounts and Domains 103 . Then manually associate all domains with this account by listing each domain on a separate line in the Domains Managed text box. Solution: Create a Domain Admin account that does not have all_domains permissions (this prevents the ability to create other Domain Admin accounts). This will allow monitoring of all domain traffic. if company policy requires the banning of certain keywords in outgoing messages. #2.

the person assuming this role logs in with the default login and password for the account. there is always only one login and password pair for this account. or just delete the message with no notification sent. please contact Barracuda Networks Technical Support. the next time the account is enabled. both of which are auditor. The account can be disabled from the BASIC > Administration page. If not. Once it is enabled. If the password is lost. the password will be reset to the default value. This account is always ‘available’ for use on the Barracuda Spam & Virus Firewall.so. the Auditor can either reject the message. Thus. When the Auditor logs in. the Auditor can decide to deliver the message. but must be enabled from the BASIC > Administration page. If so. the password can be changed from the Password page. with a notification being sent to the sender. 104 Barracuda Spam & Virus Firewall Administrator’s Guide .

........................................111 Using the Barracuda Control Center .......................................................... 114 Front Panel Indicator Lights ..................................................................... 109 Reporting .........................................................Chapter 11 Monitoring the System This chapter describes the monitoring and diagnostic tools provided on the Barracuda Spam & Virus Firewall Web interface for the administrator to track system performance and troubleshoot issues...... Viewing Performance Statistics ............................................................... 112 Diagnostic Tools ............................................... 115 Monitoring the System 105 ..................................... 106 The Message Log ................................................................................... 114 Using a Syslog Server to Centrally Monitor System Logs ............. 108 Setting up Alerts ..........................

with the ability to filter. check the Quarantined number of messages shown in the Email Statistics [inbound] pane on the BASIC > Status page. delete and view details of selected queued messages. Performance statistics. Clicking this link will display a pop-up indicating the drive to replace and an Ok button and a Cancel button. To view the queues in a Message Log format. Performance statistics displayed in red signify that the value exceeds the normal threshold. but if any setting remains consistently in the red for a long period of time. Click either number to view a summary of the messages currently in the queues. • • If the Mail/Log Storage rises above 75%. changing the Retention Policies for per-user quarantine on the USERS > Retention Policies page may solve the problem. please contact Barracuda Networks Technical Support. This may happen normally if the destination mail server rejects email based on mail server policy and the message is bounced back to the sender.Viewing Performance Statistics The BASIC > Status page provides an overview of the health and performance of your Barracuda Spam & Virus Firewall. Messages in the outbound queue will automatically expire if not successfully delivered within 48 hours (default). See Retention Policy and Purging Old Messages on page 89 for details and warnings about deleting large amounts of messages. quarantined. You must first replace the disk drive that indicates a problem before proceeding with the repair operation. tagged (inbound only). from the number of messages in the outbound queue (Out) waiting for the outbound server. Please contact Barracuda Networks Technical Support if you need assistance. including CPU temperature and system load. blocked. this indicates that more disk space has been taken up by the message and log storage than is allocated for that purpose and you should contact Barracuda Networks Technical Support. The subscription status of Energize Updates. the mail server could be down or there could be another network issue. Retrying All Outbound Messages If the outbound queue number is high. If this number is high. including: • Hourly and daily email statistics that display the number of viruses blocked and messages rate controlled (deferred). if a disk drive in the RAID array exhibits a problem. the Redundancy (RAID) indicator will highlight in red and show one of the drives as degraded with a link Click To Repair. These values will fluctuate based on the amount of traffic that is being handled. On the Barracuda Spam & Virus Firewall 600 and higher. separated by a “/”. The number of current inbound messages (In) plus accepted messages waiting for virus and spam scanning is shown. 106 Barracuda Spam & Virus Firewall Administrator’s Guide . Inbound and Outbound Message Queues You can view the mail queues from the BASIC > Status page with the In/Out Queue Size link. requeue. use the ADVANCED > Queue Management page. sent (outbound only) and allowed (inbound only) for the last 24 hours and 28 days. If per-user quarantine is enabled and system performance has decreased.

Monitoring the System 107 . or retry delivering selected email messages in the out queue. The button will then be disabled until the requeue process has completed.To requeue. use the ADVANCED > Queue Management page. Note that alerts and notifications are queued separately from email so that the administrator can be alerted if the out message queue is high. or retry delivering ALL email messages in the out queue. click the Retry button at the bottom of the BASIC > Administration page to retry sending the messages immediately. To requeue.

Message source and analysis is viewable by clicking on a message. sender. size. if enabled. See Monitor and Classify Incoming Emails on page 39 for more information about using the Message Log. and sorting data using the wide variety of filters can quickly provide a profile of email by allowed. quarantined or blocked messages by domain. subject.The Message Log The BASIC > Message Log page displays details about all email traffic that passes through the Barracuda Spam & Virus Firewall. and includes spam scoring and Bayesian analysis. The Message Log is a window into how the current spam and virus settings are filtering email coming through the Barracuda Spam & Virus Firewall. 108 Barracuda Spam & Virus Firewall Administrator’s Guide . recipient. Watch the Message Log after making changes to the spam and virus settings to determine if the Barracuda Spam & Virus Firewall spam checking and quarantine behavior is tuned per the needs of your organization. tagged. This data is captured initially in the Mail Syslog and appears on the mail facility at the debug priority level on the specified syslog server. time. reason for action taken or score.

virus. including mail/log storage. A few errors may not be indicative of a problem. quarantined and tagged messages based on spam. the community string. • To query the Barracuda Spam & Virus Firewall for these statistics via SNMP. including: • System statistics. for example. (outbound mail included) > appliance uptime Performance statistics. To enter multiple addresses. separate each address with a comma.Setting up Alerts Setting up Emailed System Alerts The BASIC > Administration page allows you to configure the Barracuda Spam & Virus Firewall to automatically email system notifications and alerts to the email address(es) you specify. blocked.x at Monitoring the System 109 . such as. etc. Barracuda Networks recommends using SNMP monitoring with an SNMP server. To monitor more specific information on a Barracuda Spam & Virus Firewall. System alerts are sent from the Barracuda Spam & Virus Firewall to the System Alerts Email Address(es) you specify when a system issue triggers an automated alert. the backup server is not available. such as: > inbound/outbound queue size > average email latency > encrypted. and other similar information. see the technical paper SNMP Monitoring for the Barracuda Spam & Virus Firewall 5. these alerts are limited and do not include latency. Check the settings on the ADVANCED > Backup page in the Automated Backups section. but more than a few may mean that there is mail that is being blocked for one or more invalid recipients. CPU temperature and system load. • Notifications are sent from Barracuda Central to the System Contact Email Address when: • • • Your Energize Update subscription is about to expire Problems arise with RAID disk storage New security bulletins are available Setting up SNMP Query and Alerts While the Barracuda Spam & Virus Firewall will send email alerts to the System Alerts Email Address specified on the BASIC > Administration page. For details about configuring SNMP with the Barracuda Spam & Virus Firewall. specify the SNMP version you’re using. The email will indicate the cause of failure. The Barracuda Spam & Virus Firewall 400 and higher offers the ability to monitor various settings via SNMP. custom policy. including: • LDAP lookup or server errors. This alert email is sent once per day reporting LDAP errors logged over the past 24 hours. Note that notifications are queued separately from outbound messages. Failure of an automated backup. inqueue sizes. invalid username or invalid password. and enter the IP address of the server(s) that will be making the SNMP connection in the SNMP Manager section of the BASIC > Administration page. you must first enable the SNMP agent.

barracudanetworks.com/documentation 110 Barracuda Spam & Virus Firewall Administrator’s Guide .http://www.

but generating a report to view instead of to send as an email can potentially consume excessive system resources on the Barracuda Spam & Virus Firewall. On demand reports can cover data for a specified date range. To minimize impact of report generation on the Barracuda Spam & Virus Firewall performance. You can run reports and configure report settings from the BASIC > Reporting page. Having it emailed to your mail box every day is helpful for monitoring the system.Reporting Generating System Reports The Barracuda Spam & Virus Firewall has a variety of system reports that can help you keep track of such statistics as the top spam senders and the top viruses detected by the system. weekly or monthly to specific users by entering their email addresses in the field next to each report type. You can enter as many email addresses as you like for each report as long as each address is separated by a comma. reports of over 7 days in length can only be generated through email. the kind of data each report includes for inbound and/or outbound mail. If you do not want a daily report to be distributed. do not enter an email address next to that report type. The Daily Traffic report is a good status reporting tool and is only available to administrators. Automating the Delivery of Scheduled System Reports The Reporting Email Options section of the BASIC > Reporting page lets you configure the Barracuda Spam & Virus Firewall to automatically deliver system reports daily. and types of graphs available. Monitoring the System 111 . Each scheduled report covers traffic for one day only. and online help for that page includes a table listing all reports. For this reason. You can either generate a system report on demand or schedule reports for regular delivery to specific users. Reports can be created for data collected at the global level as well as at the per-domain level. discretion should be used when deciding on the date range a given report is to cover.

you will manage it using the Barracuda Control Center (see Cloud-Based Protection on page 69 for details). From the ADVANCED > Control Center page. 7. If not. If you are using the Cloud Protection Layer feature of the Barracuda Spam & Virus Firewall. check to make sure you have the latest firmware installed. click on the link in the Products column in the Control Center pane on the left side of the page.Using the Barracuda Control Center The Barracuda Control Center enables administrators to manage. Enter your name and contact information. From the ADVANCED > Firmware Upgrade page. On the Sign In page. Do this when you know that there will be a loss of connectivity between the Barracuda Spam & Virus Firewall and the Barracuda Control Center due to the appliance being physically moved or other network connectivity issues. from the ADVANCED > Control Center page on the Barracuda Spam & Virus Firewall. and you can create aggregated reports for multiple Barracuda Spam & Virus Firewalls from the Barracuda Control Center console. enter the Barracuda Networks username and password you created and click Yes to connect to the Barracuda Control Center. Log into the Barracuda Control Center with your username and password and you will see your Barracuda Spam & Virus Firewall statistics displayed on the BASIC > Status page. Note that reports cannot be emailed using the Barracuda Control Center. You can connect one or more Barracuda Spam & Virus Firewalls to the Barracuda Control Center by doing the following: 1. 2. 6. Note that your Barracuda Spam & Virus Firewall can connect with only one Barracuda Control Center account at a time. visit http://www. 4. 5. To access the Web interface of your Barracuda Spam & Virus Firewall. see the Barracuda Control Center Administrator’s Guide at http://www. The same tabbed pages are available on the Barracuda Control Center for managing all aspects of your Barracuda Spam & Virus Firewall configuration that you see in each individual Web interface. 112 Barracuda Spam & Virus Firewall Administrator’s Guide . Or you can click on the product name in the Product column of the Unit Health pane on the right side of the page.barracudanetworks.barracuda.0 and higher) at one time from one console.com/documentation.com and click the Customer Login button to create one. download and install it now. Follow steps 3 and 4 to connect every subsequent Barracuda Spam & Virus Firewall to the Barracuda Control Center. 3. For more information about using the Barracuda Control Center. To stop the synchronization between your Barracuda Spam & Virus Firewall and the Barracuda Control Center. Log into your Barracuda Spam & Virus Firewall as the administrator. enter the Barracuda Control Center username and password for the particular account associated with that device and click No for Connect to Barracuda Control Center. monitor and configure multiple Barracuda Spam & Virus Firewalls (firmware version 5. If you don't already have an account with Barracuda Networks. click the Create a new account link. Make a note of the username (email address) and password you chose.

Using the Task Manager to Monitor System Tasks The ADVANCED > Task Manager page provides a list of tasks that are in the process of being performed and displays any errors encountered when performing these tasks. you can click the Cancel link next to the task name and then run the task at a later time when the system is less busy. The errors are not automatically phased out over time. The Task Errors section will list an error until you manually remove it from the list. Some of the tasks that the Barracuda Spam & Virus Firewall tracks include: • • • Clustered environment setup Configuration and Bayesian data restoration Removal of invalid users If a task takes a long time to complete. Monitoring the System 113 .

com/documentation 114 Barracuda Spam & Virus Firewall Administrator’s Guide . This syslog data appears on the mail facility at the debug priority level on the specified syslog server. dig/NS-lookup. envelope 'From' address. The Web Syslog data contains information about user login activities and any configuration changes made on the machine.Troubleshooting Diagnostic Tools Testing Network Connectivity The Barracuda Spam & Virus Firewall Web interface provides a suite of tools to help diagnose potential network problems. Using a Syslog Server to Centrally Monitor System Logs Use the ADVANCED > Networking page to specify a server to which the Barracuda Spam & Virus Firewall sends syslog data. including ping. This syslog data appears on the local facility with login information at the info priority level. and the spam score for the messages transmitted. Connect to Barracuda Support Servers In the Support Diagnostics section of the ADVANCED > Troubleshooting page. telnet. See the online help on the Network Connectivity Tests section of the ADVANCED > Troubleshooting page for details about using these tools. see the technical paper Syslog and the Barracuda Spam & Virus Firewall 4. For details about using the Barracuda syslog with the Barracuda Spam & Virus Firewall. you can initiate a connection between your Barracuda Spam & Virus Firewall and the Barracuda Networks Technical Support Center which will allow technical support engineers to troubleshoot any issues you may be experiencing. and configuration changes appear at the debug priority level on the specified syslog server. See the Syslog Configuration section of the ADVANCED > Troubleshooting page for the facility to open a window and view the Mail Syslog or Web Syslog output. TCP dump and traceroute. Syslog is a standard UNIX/Linux tool for sending remote system logs and is available on all UNIX/Linux systems. Syslog servers are also available for Windows platforms from a number of free and premium vendors. The Mail Syslog includes data such as the connecting IP.barracudanetworks.x at http://www. envelope 'To' address. The Mail Syslog captures data related to mail flow and is the same information as that used to build the Message Log in the Barracuda Spam & Virus Firewall.

1: Barracuda Spam & Virus Firewall front panel indicator lights Monitoring the System 115 .Front Panel Indicator Lights The Barracuda Spam & Virus Firewall has five indicator lights on the front panel that blink when the system processes any message. Figure 11. Figure 11.1 displays the location of each of the lights.

116 Barracuda Spam & Virus Firewall Administrator’s Guide .

............................. 119 Reloading......... 123 Maintenance 117 ...Chapter 12 Maintenance This chapter provides instructions for general maintenance of the Barracuda Spam & Virus Firewall using the Web interface................................................... Restarting...... and covers the following topics: Updating the Firmware and Definitions... and Shutting Down the System ................................... 122 Rebooting the System in Recovery Mode........ 121 Using the Built-in Troubleshooting Tools ............................................ 118 Backing up and Restoring Your System .

click the Apply Now button. In this case. with the latest General Release version of the firmware shown below in the Firmware Download section. For this reason. The ADVANCED > Energize Updates page allows you to manually update the Virus. Barracuda Networks recommends that the Automatic Updates option be set to On for all three types of definitions so that your Barracuda Spam & Virus Firewall receives the latest rules as soon as they are made available by Barracuda Networks. and then repeat this process on each system in the cluster. make SURE to set the Automatic Updates option to On in the Virus Definition Updates section of the ADVANCED > Energize Updates page. 118 Barracuda Spam & Virus Firewall Adminstrator’s Guide . Policy. This will ensure that the inbound mail queue is emptied and all messages are scanned before the upgrade process begins. Updating the Definitions from Energize Updates This should be one of the steps the administrator performs in the initial installation of the Barracuda Spam & Virus Firewall. DO NOT MANUALLY REBOOT YOUR SYSTEM at any time during an upgrade. the Download Now button on the ADVANCED > Firmware Update page is disabled. The ADVANCED > Firmware Update page allows you to manually update the firmware version of the system or revert to a previous version. you should apply new firmware versions during non-busy hours. The current firmware version shows in the top section of the page. you can then change the mode on each system back to Active. This is necessary to ensure that the add-in receives constant updates of virus signatures from the Barracuda Spam & Virus Firewall. When the firmware download is complete. unless otherwise instructed by Barracuda Networks Technical Support. Important: If you are using the Barracuda Exchange Anti-Virus Add-in with your MS Exchange mail server. and Security Definitions used on your Barracuda Spam & Virus Firewall or to have them updated automatically. The Barracuda Spam & Virus Firewall will reboot and you will need to log in again to the Web interface.The only time you should revert back to an old firmware version is if you recently downloaded a new version that is causing unexpected problems. we recommend changing the system’s Mode in the Clustered Systems section of the ADVANCED > Clustering page to Standby before you upgrade its firmware. If you have the latest firmware version already installed. Once the firmware on each system has been upgraded. Note Applying a new firmware version results in a temporary loss of service. click the Download Now button. Updating the Firmware of Clustered Systems If a system is part of a cluster. Before upgrading. call Barracuda Networks Technical Support before reverting back to a previous firmware version.Updating the Firmware and Definitions Updating the Firmware on your Barracuda Spam & Virus Firewall This should be one of the steps the administrator performs in the initial installation of the Barracuda Spam & Virus Firewall. Changing a clustered system to Standby mode before upgrading prevents a system on a more recent firmware version from trying to synchronize its configuration with a system on an earlier firmware version. To download the latest firmware version. BE SURE TO TAKE THE Barracuda Spam & Virus Firewall OFFLINE. The Web interface will display download progress.

Information not backed up with the system configuration file includes system password. you must select a server type.Backing up and Restoring Your System Backup Up Three Types of Backups Available The ADVANCED > Backup page lets you back up and restore three kinds of backup files for your Barracuda Spam & Virus Firewall: • • • System configuration Bayesian databases . Any configuration changes you want to make need to be done through the Web interface. and you have a firewall between your Barracuda Spam & Virus Firewall and your ftp server. If your backup times out. You can safely view a backup file in Windows WordPad or TextPad. For a complete list of settings that are not backed up.global and per-user (if your model supports per-user) Explicit Users to Accept For and Alias Linking data You should back up your system on a regular basis in case you need to restore this information on a replacement Barracuda Spam & Virus Firewall or in the event that your current system data becomes corrupt. backups you want to create. You should avoid viewing backup files in Windows Notepad because the file can become corrupted if you save the file from this application. If you are restoring a backup file on a new Barracuda Spam & Virus Firewall that is not configured. first configure your backup server information. Make sure that there aren't any other TCP services with port numbers in the port range listening on the ftp server machine. a schedule of automated backups on the ADVANCED > Backup page. and your ftp server is running in passive mode. • • • Maintenance 119 . The port range depends on your ftp server configuration. DNS information and clustering settings. if not all. system IP information. initiates ftp in passive mode. and. by default. Important notes about backups: • Do not edit backup files. If you select FTP. the firewall should be configured so that only that range of ports is accessible to the ftp server machine. The configuration backup file contains a checksum that prevents the file from being uploaded to the system if any changes are made. The Barracuda Spam & Virus Firewall. you may need to open ports on your firewall to allow passive-mode ftp connections. please see the online help of the ADVANCED > Backup page. if desired. For Automated Backups. then select which. note the following. Ideally. you first need to assign your new system an IP address and DNS information on the BASIC > IP Configuration page of the new system. To prepare the system for backing up.

Restoring a Backup Restoring a backup simply requires browsing your local system with the click of a button on the ADVANCED > Backup page and selecting a backup file. 120 Barracuda Spam & Virus Firewall Adminstrator’s Guide . Please see the online help on that page for details about restoring backups. . Warning Do not restore a configuration file onto a machine that is currently part of a cluster. All cluster information will be lost and the units will need to be re-clustered if this happens.

Restarting. Maintenance 121 . however. A unit in Offline (Maintenance) mode will stop accepting incoming mail until it is put back online. You can also take the system offline if necessary. since doing so while the Barracuda Spam & Virus Firewall is in the midst of a configuration update or other task can result in inadvertent corruption of the system. Caution should be used when pressing the reset button. restart. which is recommended whenever you do a Firmware Update. Reloading the system re-applies the system configuration. and Shutting Down the System The System Management/Shutdown section on the BASIC > Administration page allows you to shut down. You can also perform a hard reset of the Barracuda Spam & Virus Firewall by pressing the RESET button on the front panel of the system. Shutting down the system powers off the unit. Restarting the system reboots the unit. and reload system configuration on the Barracuda Spam & Virus Firewall.Reloading.

You can also ping other devices from the Barracuda Spam & Virus Firewall.Using the Built-in Troubleshooting Tools The ADVANCED > Troubleshooting page provides various tools that help troubleshoot network connectivity issues that may be impacting the performance of your Barracuda Spam & Virus Firewall. perform a trace route from the Barracuda Spam & Virus Firewall to any another system. and execute various other troubleshooting commands. you can test your Barracuda Spam & Virus Firewall’s connection to the Barracuda Networks update servers to make sure that it can successfully download the latest Energize Update definitions. 122 Barracuda Spam & Virus Firewall Adminstrator’s Guide . For example.

This option is automatically selected if no other option is specified within the first three (3) seconds of the splash screen appearing. For a description of each boot option. As a last resort. the Barracuda Spam & Virus Firewall defaults to starting up in the normal mode (first option). 2.Rebooting the System in Recovery Mode If your Barracuda Spam & Virus Firewall experiences a serious issue that impacts its core functionality. If you do not select an option within three seconds. Contact Barracuda Networks Technical Support for additional troubleshooting tips. You must select the boot option within three seconds of the splash screen appearing. Use your keyboard to select the desired boot option. Connect a monitor and keyboard directly to your Barracuda Spam & Virus Firewall. and then press the Power button again to turn the system back on. Note To stop a hardware test. Reboot the system by doing one of the following: • Click the Restart button on the BASIC > Administration page. Perform a system restore from the last known good backup file. as described below. Before you use the diagnostic and recovery tools..1: Reboot Options Reboot Options Barracuda Description Starts the Barracuda Spam & Virus Firewall in the normal (default) mode. Reboot Options Table 12. The Barracuda splash screen displays with the following three boot options: Barracuda Recovery Hardware_Test 3. you can reboot your Barracuda Spam & Virus Firewall and run a memory test or perform a complete system recovery. • Press the Power button on the front panel to turn off the system. you can use diagnostic and recovery tools that are available from the reboot menu (see below) to return your system to an operational state. and press Enter. reboot your Barracuda Spam & Virus Firewall by pressing Ctrl-Alt-Del on the keyboard you’ve connected to the appliance. Maintenance 123 .1 describes the options available at the reboot menu. refer to Reboot Options on page 123below. do the following: • • • Use the built-in troubleshooting tools on the ADVANCED > Troubleshooting page to help diagnose the problem. Table 12. To perform a system recovery or hardware test: 1.

first manually configure the new system’s IP information on the BASIC > IP Configuration page. Hardware_Test Performs a thorough memory test that shows most memory related errors within a two-hour time period. The memory test is performed outside of the operating system and can take a long time to complete. Reboot your Barracuda Spam & Virus Firewall to stop the hardware test.Table 12. and then restore the backup file from the old system onto the new system. refer to Backing up and Restoring Your System on page 119in this chapter. ship the old Barracuda Spam & Virus Firewall back to Barracuda Networks at the address below with an RMA number marked clearly on the package. 124 Barracuda Spam & Virus Firewall Adminstrator’s Guide . For information on restoring data. Winchester Blvd Campbell. CA 95008 attn: RMA # <your RMA number> Note To set up the new Barracuda Spam & Virus Firewall so it has the same configuration as your old failed system. we recommend running the Hardware_Test option next. Barracuda Networks Technical Support can provide details on the best way to return the unit. If problems are reported when running this option. • Perform full system re-image: Restores the factory settings on your Barracuda Spam & Virus Firewall and clears out all configuration information. • Run diagnostic memory test: Runs a diagnostic memory test from the operating system. or call Barracuda Networks Technical Support.1: Reboot Options Reboot Options Recovery Description Displays the Recovery Console where you can select the following options: • Perform file system repair: Repairs the file system on the Barracuda Spam & Virus Firewall. customers that have purchased the Instant Replacement service can call Barracuda Networks Technical Support and arrange for a new unit to be shipped out within 24 hours. Another method for enabling this troubleshooting connection is to click Establish Connection to Barracuda Networks on the ADVANCED >Troubleshooting page. After receiving the new system. use the tools provided on the ADVANCED > Troubleshooting page to try to resolve the problem. Barracuda Networks 3175 S. • Enable remote administration: Initiates a connection to that allows Barracuda Networks Technical Support to access the system. Replacing a Failed System Before you replace your Barracuda Spam & Virus Firewall. Barracuda Instant Replacement Service In the event that a Barracuda Spam & Virus Firewall fails and you cannot resolve the issue.

which can be determined by turning the equipment off and on. About the Hardware 125 . Notice for the USA Compliance Information Statement (Declaration of Conformity Procedure) DoC FCC Part 15: This device complies with part 15 of the FCC Rules. 2. Notice for Europe (CE Mark) This product is in conformity with the Council Directive 89/336/EEC.Appendix A About the Hardware Hardware Compliance This section contains compliance information for the Barracuda Spam & Virus Firewall hardware. This device may not cause harmful interference. Operation is subject to the following conditions: 1. and This device must accept any interference received including interference that may cause undesired operation. Plug the equipment into an outlet on a circuit different from that of the receiver. Consult the dealer or an experienced radio/television technician for help. Notice for Canada This apparatus complies with the Class B limits for radio interference as specified in the Canadian Department of Communication Radio Interference Regulations. If this equipment does cause harmful interference to radio or television reception. the user in encouraged to try one or more of the following measures: • • • • Reorient or relocate the receiving antenna. 92/31/EEC (EMC). Increase the separation between the equipment and the receiver.

126 Barracuda Spam & Virus Firewall Administrator’s Guide . frequency 50/60 Hz.Power Requirements AC input voltage 100-240 volts.

About the Hardware 127 .

128 Barracuda Spam & Virus Firewall Administrator’s Guide .

OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OF THE PRODUCT. ITS ACCOMPANYING SOFTWARE. Exclusive Remedy Your sole and exclusive remedy and the entire liability of Barracuda Networks under this limited warranty shall be. subsidiary or authorized Distributor selling the Barracuda Networks product. ("Barracuda Networks") warrants that commencing from the date of delivery to Customer (but in case of resale by a Barracuda Networks reseller. In connection with warranty services hereunder. All parts removed for replacement will become the property of the Barracuda Networks. and shall be furnished on an exchange basis. Inc. if sale is not directly by Barracuda Networks. Barracuda Networks does not warrant that the software or any equipment. Barracuda Networks may change the availability of limited warranties. In addition. Inc. and (b) the software provided in connection with its products. due to the continual development of new techniques for intruding upon and attacking networks.. Barracuda Networks may at its discretion modify the hardware of the product at no cost to you to improve its reliability or performance. IN NO EVENT SHALL BARRACUDA NETWORKS LIABILITY EXCEED THE PRICE PAID FOR THE PRODUCT FROM DIRECT.Appendix B Limited Warranty and License Limited Warranty Barracuda Networks. replacement or refund of the purchase price of any products sold which do not comply with this warranty. Inc. at Barracuda Networks discretion. SPECIAL. The limited warranty extends only to you the original buyer of the Barracuda Networks product and is non-transferable. INDIRECT. commencing not more than sixty (60) days after original shipment by Barracuda Networks. including any software contained or embedded in such products will substantially conform to Barracuda Networks published specifications in effect as of the date of manufacture. All parts will be new or refurbished. Except for the foregoing. but any changes will not be retroactive. Limited Warranty and License 129 . In no event does Barracuda Networks warrant that the software is error free or that Customer will be able to operate the software without problems or interruptions. The warranty period is not extended if Barracuda Networks repairs or replaces a warranted product or any parts. at its discretion. the repair. at Barracuda Networks or its service centers option and expense. Inc.. Barracuda Networks obligations hereunder are conditioned upon the return of affected articles in accordance with Barracuda Networks then-current Return Material Authorization ("RMA") procedures. Hardware replaced under the terms of this limited warranty may be refurbished or new equipment substituted at Barracuda Networks option. or the Barracuda Networks. INCIDENTAL. system or network on which the software is used will be free of vulnerability to intrusion or attack. the software is provided as is.). and continuing for a period of one (1) year: (a) its products (excluding any software) will be free from material defects in materials and workmanship under normal use. OR ITS DOCUMENTATION.

" (b) loaned or provided to you at no cost. This License allows you to use the Software only on the single Barracuda labeled hardware device on which the software was delivered. USAGE OR TRADE. (e) not installed. SYSTEM OR NETWORK ON WHICH BARRACUDA NETWORKS PRODUCTS WILL BE USED WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. (c) sold "as is. EXCEPT FOR THE ABOVE WARRANTY. Inc. EXCEPT FOR THE ABOVE WARRANTY. whether on disk. OR OTHER EQUIPEMENT IN WHICH FAILURE COULD LEAD TO DEATH. SECURE OR ERROR-FREE. You may not make a backup copy of the Software. 2. THE SOFTWARE OR ANY EQUIPMENT. You own the media on which the Barracuda Software is recorded but Barracuda retains ownership of the Barracuda Software itself. USEFULNESS. 130 Barracuda Spam & Virus Firewall Administrator’s Guide . BARRACUDA NETWORKS MAKES NO OTHER WARRANTY. LIFE SUPPORT MACHINES. BARRACUDA NETWORKS DOES NOT WARRANT THAT BARRACUDA NETWORKS PRODUCTS. IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE DO NOT USE THE SOFTWARE. operated or maintained in accordance with instructions supplied by Barracuda Networks. BARRACUDA NETWORKS PRODUCTS AND THE SOFTWARE IS PROVIDED "AS IS" AND BARRACUDA NETWORKS DOES NOT WARRANT THAT ITS PRODUCTS WILL MEET YOUR REQUIREMENTS OR BE UNINTERRUPTED. to you by Barracuda Networks. Software License PLEASE READ THIS SOFTWARE LICENSE AGREEMENT ("AGREEMENT") CAREFULLY BEFORE USING THE BARRACUDA SOFTWARE. or sublicense the Barracuda Software. Permitted License Uses and Restrictions. NONINFRINGEMENT. lease. OR THAT ANY ERRORS IN ITS PRODUCTS OR THE SOFTWARE WILL BE CORRECTED.Exclusions and Restrictions This limited warranty does not apply to Barracuda Networks products that are or have been (a) marked or identified as "sample" or "beta. You may not make copies of the Software and you may not make the Software available over a network where it could be utilized by multiple devices or copied. not sold. 1. in read only memory. OR ARISING FROM COURSE OF PERFORMANCE. negligence or to an accident. BY USING THE BARRACUDA SOFTWARE YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS LICENSE. documentation. RELIABILITY. FITNESS FOR A PARTICULAR PURPOSE. AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS." (d) repaired. The rights granted are limited to Barracuda's intellectual property rights in the Barracuda Software and do not include any other patent or intellectual property rights. MERCHANTABILITY. AVAILABILITY. You may not modify or create derivative works of the Software except as provided by the Open Source Licenses included below. INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF TITLE. FURTHERMORE. ("Barracuda") for use only under the terms of this License and Barracuda reserves all rights not expressly granted to you. IMPLIED OR STATUTORY. OR ENVIRONMENTAL DAMAGE. EXPRESS. or (f) subjected to abnormal physical or electrical stress. TIMELY. or on any other media or in any other form (collectively "Barracuda Software") is licensed. The BARRACUDA SOFTWARE IS NOT INTENDED FOR USE IN THE OPERATION OF NUCLEAR FACILITIES. You may not transfer. IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE YOU MAY RETURN THE SOFTWARE OR HARDWARE CONTAINING THE SOFTWARE FOR A FULL REFUND TO YOUR PLACE OF PURCHASE. lend. misuse. PERSONAL INJURY. The software. WITH RESPECT TO BARRACUDA NETWORKS PRODUCTS. 3. altered or modified except by Barracuda Networks. rent. DEALING. AVAILABLE.

6. 5. OF ACCURACY. License. OR CORRECTION. PERFORMANCE. THE IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTIBILITY. BUSINESS INTERRUPTION. In no event shall Barracuda's total liability to you for all damages exceed the amount of one hundred dollars. REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF BARRACUDA HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES. This License is effective until terminated. TO THE EXTENT NOT PROHIBITED BY LAW. This License is automatically terminated without notice if you fail to comply with any term of the License. YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT YOU WILL PROVIDE AN UNLIMITED ZERO COST LICENSE TO BARRACUDA FOR ANY PATENTS OR OTHER INTELLECTUAL PROPERTY RIGHTS UTILIZED IN THE BARRACUDA SOFTWARE WHICH YOU EITHER OWN OR CONTROL. INCLUDING. OF FITNESS FOR ANY APPLICATION. OF SATISFACTORY QUALITY. BY DOWNLOADING OR INSTALLING THE ENERGIZE UPDATE SOFTWARE. EITHER EXPRESSED OR IMPLIED OR STATUTORY. SHOULD THE BARRACUDA SOFTWARE PROVE DEFECTIVE. 7. LOSS OF DATA. QUALITY. THEN (A) DO NOT DOWNLOAD. YOU ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING. AND ACCURACY IS WITH YOU.4. THAT THE PERFORMANCE WILL MEET YOUR EXPECTATIONS. You may not use or otherwise export or re-export Barracuda Software except as authorized by the United States law and the laws of the jurisdiction where the Barracuda Software was obtained. AND BARRACUDA HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH RESPECT TO THE BARRACUDA SOFTWARE. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS LICENSE. DAMAGES FOR LOSS OF PROFITS. Export Control. IN NO EVENT SHALL BARRACUDA BE LIABLE FOR PERSONAL INJURY OR ANY INCIDENTAL SPECIAL. YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT THE USE OF THE BARRACUDA SOFTWARE IS AT YOUR OWN RISK AND THAT THE ENTIRE RISK AS TO SATISFACTION. INDIRECT. OR CONSEQUENTIAL DAMAGES WHATSOEVER. INCLUDING. OR. NO ORAL OR WRITTEN INFORMATION GIVEN BY BARRACUDA OR AUTHORIZED BARRACUDA REPRESENTATIVE SHALL CREATE A WARRANTY. OR THAT DEFECTS WILL BE CORRECTED. 8. INSTALL OR USE THE SOFTWARE. YOU MAY RETURN THE ENTIRE Limited Warranty and License 131 . THE BARRACUDA SOFTWARE IS PROVIDED "AS IS" WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND. ARISING OUT OF OR RELATED TO YOUR ABILITY TO USE OR INABILITY TO USE THE BARRACUDA SOFTWARE HOWEVER CAUSED. BARRACUDA DOES NOT WARRANT THE CONTINUED OPERATION OF THE SOFTWARE. Limitation of Liability. IF THE SOFTWARE IS SUPPLIED AS PART OF ANOTHER PRODUCT. YOU ARE CONSENTING TO BE BOUND BY THIS LICENSE. AND (B) YOU MAY RETURN THE SOFTWARE FOR A FULL REFUND. BUT NOT LIMITED TO. OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES. THAT THE FUNCTIONS WILL MEET YOUR REQUIREMENTS. Upon termination you must destroy or return all copies of the Barracuda Software. AND OF NON-INFRINGEMENT OF THIRD PARTY RIGHTS. OR USING THE EQUIPMENT THAT CONTAINS THIS SOFTWARE. REPAIR. Energize Update Software License PLEASE READ THIS ENERGIZE UPDATE SOFTWARE LICENSE CAREFULLY BEFORE DOWNLOADING. WITHOUT LIMITATION. INSTALLING OR USING BARRACUDA NETWORKS OR BARRACUDA NETWORKS-SUPPLIED ENERGIZE UPDATE SOFTWARE. THAT THE OPERATION WILL BE ERROR FREE OR CONTINUOUS.

and (3) this Energize Update Software License. user documentation. sessions. disassemble or otherwise reduce the Energize Update Upgrades and Additional Copies. make error corrections to or otherwise modify or adapt the Energize Update Software or create derivative works based upon the Energize Update Software. "Upgrades") or backup copies of the Energize Update Software licensed or provided to Customer by Barracuda Networks or an authorized distributor/reseller for which Customer has paid the applicable license fees. ii. as applicable. Inc. for execution on. Customer shall use the Energize Update Software solely as embedded in. subsidiary (collectively "Barracuda Networks"). or (where the applicable documentation permits installation on non-Barracuda Networks equipment) for communication with Barracuda Networks equipment owned or leased by Customer. To the extent of a conflict between the provisions of the foregoing documents. Customer shall have no right. License. the foregoing license shall also be subject to the following limitations. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT: (1) CUSTOMER HAS NO LICENSE OR RIGHT TO USE ANY SUCH ADDITIONAL COPIES OR UPGRADES UNLESS CUSTOMER. ALREADY HOLDS A VALID LICENSE TO THE ORIGINAL ENERGIZE UPDATE SOFTWARE AND HAS PAID THE 132 Barracuda Spam & Virus Firewall Administrator’s Guide . grants to the end-user ("Customer") a nonexclusive and nontransferable license to use the Barracuda Networks Energize Update program modules and data files for which Customer has paid the required license fees (the "Energize Update Software"). and Customer specifically agrees not to: i. Except as otherwise expressly provided under this Agreement. YOUR RIGHT TO RETURN AND REFUND EXPIRES 30 DAYS AFTER PURCHASE FROM BARRACUDA NETWORKS OR AN AUTHORIZED BARRACUDA NETWORKS RESELLER. Inc.e. updates. iii. user documentation or web site for the Energize Update Software. Barracuda Networks. Customer's use of the Energize Update Software shall also be limited by any other restrictions set forth in Customer's purchase order or in Barracuda Networks' product catalog. assignment or sublicense shall be void. and Customer's use of the Energize Update Software shall also be limited. (2) the click-on agreement. transfer. In addition. decompile. to a maximum number of (a) seats (i. (b) concurrent users. or use on such greater number of chassis or central processing units as Customer may have paid Barracuda Networks the required license fee.PRODUCT FOR A FULL REFUND. or use the Energize Update Software on unauthorized or secondhand Barracuda Networks equipment. Subject to the terms and conditions of and except as otherwise provided in this Agreement. AND APPLIES ONLY IF YOU ARE THE ORIGINAL PURCHASER. or web site. ports. as applicable: Unless otherwise expressly provided in the documentation. For purposes of this Agreement.. the order of precedence shall be (1) the written agreement. or Software to human-readable form to gain access to trade secrets or confidential information in the Energize Update Software. AT THE TIME OF ACQUIRING SUCH COPY OR UPGRADE. reverse engineer. assign or sublicense its license rights to any other person. and any such attempted transfer. General Limitations. or to permit third parties to do the same. bug fixes or modified versions (collectively. as applicable and set forth in Customer's purchase order or in Barracuda Networks' product catalog. users with access to the installed Energize Update Software). and/or (c) central processing unit cycles or instructions per second. on a single central processing unit. and/or issued and outstanding IP addresses. or a Barracuda Networks. decrypt. Customer's use of the Energize Update Software shall be limited to use on a single hardware chassis. "Energize Update Software" shall include (and the terms and conditions of this Agreement shall apply to) any Energize Update upgrades. The following terms govern your use of the Energize Update Software except to the extent a particular program (a) is the subject of a separate written agreement with Barracuda Networks or (b) includes a separate "click-on" license agreement as part of the installation and/or download process.

hold harmless and defend Barracuda Networks and its affiliates. Proprietary Notices. including the U. fines. including technical data. Customer shall not make any copies or duplicates of any Energize Update Software without the prior written permission of Barracuda Networks. Customer shall implement reasonable security measures to protect and maintain the confidentiality of such trade secrets and copyrighted material. Protection of Information. Customer may terminate this License at any time by notifying Barracuda Networks and ceasing all use of the Energize Update Software. Upon termination. (2) USE OF UPGRADES IS LIMITED TO BARRACUDA NETWORKS EQUIPMENT FOR WHICH CUSTOMER IS THE ORIGINAL END USER PURCHASER OR LESSEE OR WHO OTHERWISE HOLDS A VALID LICENSE TO USE THE ENERGIZE UPDATE SOFTWARE WHICH IS BEING UPGRADED. Limited Warranty and License 133 . damages. or otherwise make available such trade secrets or copyrighted material in any form to any third party without the prior written consent of Barracuda Networks. functions. or (b) use or misuse of the Barracuda Networks Energize Update Software. and suits and all related liabilities.S. Customer must cease use of all copies of Energize Update Software in its possession or control.S. in any form. Term and Termination. Customer shall not disclose. specifications.APPLICABLE FEE FOR THE UPGRADE. Customer may make such backup copies of the Energize Update Software as may be necessary for Customer's lawful use. Customer agrees that aspects of the Energize Update Software and associated documentation. subsidiaries. against any and all third-party claims. Customer agrees to indemnify. features. costs and expenses (including. may be subject to U. capabilities. confidentiality. Barracuda Networks reserves the right at any time not to release or to discontinue release of any Energize Update Software and to alter prices. release dates. including the specific design and structure of individual programs. By terminating this License. general availability or other characteristics of any future releases of the Energize Update Software. or import Energize Update Software. of the Energize Update Software in the same form and manner that such copyright and other proprietary notices are included on the Energize Update Software. settlements. Export Administration Act and its associated regulations. directors. provided Customer affixes to such copies all copyright. commencing not more than sixty (60) days after original Energize Update Software purchase from Barracuda Networks) and continues for the period for which Customer has paid the required license fees. Customer's rights under this License will terminate immediately without notice from Barracuda Networks if Customer fails to comply with any provision of this License. Software. penalties. Customer agrees to comply strictly with all such regulations and acknowledges that it has the responsibility to obtain licenses to export. This License is effective upon date of delivery to Customer of the initial Energize Update Software (but in case of resale by a Barracuda Networks distributor or reseller. and proprietary notices that appear on the original. Except as expressly authorized in this Agreement. constitute trade secrets and/or copyrighted material of Barracuda Networks. without limitation. proceedings. Title to Energize Update Software and documentation shall remain solely with Barracuda Networks. Energize Update Changes. Indemnity. export control laws. officers. Customer agrees to maintain and reproduce all copyright and other proprietary notices on all copies. licensing terms. employees and agents at Customers expense. Export. AND (3) USE OF ADDITIONAL COPIES IS LIMITED TO BACKUP PURPOSES ONLY. and may be subject to export or import regulations in other countries. actions. Customer forfeits any refund of license fees paid and is responsible for paying any and all outstanding invoices. provide. reasonable attorneys fees and other dispute resolution expenses) incurred by Barracuda Networks arising out of or relating to Customers (a) violation or breach of any term of this Agreement or any policy or guidelines referenced herein. re-export.

ALL EXPRESS OR IMPLIED CONDITIONS. due to the continual development of new techniques for intruding upon and attacking networks. IN NO EVENT WILL BARRACUDA NETWORKS BE LIABLE FOR ANY LOST REVENUE. Barracuda Networks does not warrant that the Energize Update Software or any equipment. This Energize Update Software License shall be governed by and construed in accordance with the laws of the State of California. OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE ENERGIZE UPDATE SOFTWARE EVEN IF BARRACUDA NETWORKS OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CONSEQUENTIAL. General Terms Applicable to the Energize Update Software License Disclaimer of Liabilities. At the end of the Energize Update Service Period. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED. without reference to principles of conflict of laws. FITNESS FOR A PARTICULAR PURPOSE. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES. In addition. the Energize Update Software License constitutes the entire agreement between the parties with respect to the license of the Energize Update Software and supersedes any conflicting or additional terms contained in the purchase order. Customer's sole and exclusive remedy and the entire liability of Barracuda Networks under this Energize Update Software License Agreement will be. No Warranty. AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. For DOD agencies.227-7015 (Nov 1995) shall also apply. WITHOUT LIMITATION. at Barracuda Networks option. and per subparagraph "(c)" of the "Commercial Computer Software . Customer may have the option to renew the Energize Update Service at the current list price. repair. the remaining provisions of the Energize Update Software License shall remain in full force and effect. whether in contract. Except as expressly provided herein. AND WARRANTIES INCLUDING. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS. REPRESENTATIONS. OR FOR SPECIAL. USAGE. THE ABOVE LIMITATION MAY NOT APPLY TO YOU. the restrictions set forth in the "Technical Data-Commercial Items" clause at DFARS 252. PROFIT. If any portion hereof is found to be void or unenforceable. OR TRADE PRACTICE. or otherwise. tort (including negligence).Restricted Rights" clause at FAR 52. ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY. SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD. replacement. SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING. NONINFRINGEMENT. INDIRECT. In no event does Barracuda Networks warrant that the Energize Update Software is error free or that Customer will be able to operate the Energize Update Software without problems or interruptions. Norway or Switzerland. exceed the price paid by Customer. THE ABOVE LIMITATION MAY NOT APPLY TO YOU. English law shall apply. OR DATA. Renewal. provided that for Customers located in a member state of the European Union. Barracuda Networks' commercial software and commercial computer software documentation is provided to United States Government agencies in accordance with the terms of this Agreement. LAW. or refund of the Energize Update Software. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. system or network on which the Energize Update Software is used will be free of vulnerability to intrusion or attack. All initial subscriptions commence at the time of sale of the unit and all renewals commence at the expiration of the previous valid subscription. In no event shall Barracuda Networks' liability to Customer. The United Nations Convention on the International Sale of Goods shall not apply. ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.227-19 (June 1987). DISCLAIMER OF WARRANTY.Restricted Rights. INCIDENTAL. The Energize Update Software is provided AS IS. provided such Energize Update Service is available. 134 Barracuda Spam & Virus Firewall Administrator’s Guide .

for each author's protection and ours. distribute and/or modify the software. and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say. and (2) offer you this license which gives you legal permission to copy. MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document. that in whole or in part contains or is derived from the Program or any part thereof. they are outside its scope. but changing it is not allowed. we are referring to freedom. DISTRIBUTION AND MODIFICATION 0. Activities other than copying. Inc. Boston. if you distribute copies of such a program. whethergratis or for a fee. provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty. to be licensed as a whole at no charge to all third parties under the terms of this License. These restrictions translate to certain responsibilities for you if you distribute copies of the software. there is no warranty for this free software. and copy and distribute such modifications or work under the terms of Section 1 above. You may charge a fee for the physical act of transferring a copy. in any medium. 2. June 1991 Copyright (C) 1989. that you can change the software or use pieces of it in new free programs. distribution and modification follow. and give any other recipients of the Program a copy of this License along with the Program. You may copy and distribute verbatim copies of the Program's source code as you receive it. any free program is threatened constantly by software patents. refers to any such program or work. We protect your rights with two steps: (1) copyright the software. b) You must cause any work that you distribute or publish.) You can apply it to your programs. or if you modify it. the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses. GNU GENERAL PUBLIC LICENSE. To protect your rights. To prevent this. For example. 1. The precise terms and conditions for copying. and that you know you can do these things. so that any problems original authors' reputations. Preamble The licenses for most software are designed to take away your freedom to share and change it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead. distribution and modification are not covered by this License. Finally. and you may at your option offer warranty protection in exchange for a fee. we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. (GPL) Version 2. either verbatim or with modifications and/or translated into another language. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. keep intact all the notices that refer to this License and to the absence of any warranty. thus forming a work based on the Program. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING. You may modify your copy or copies of the Program or any portion of it. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. too. You must make sure that they. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish). on. below. Limited Warranty and License 135 . By contrast. The act of running the Program is not restricted. And you must show them these terms so they know their rights.Open Source Licensing Barracuda products may include programs that are covered by the GNU General Public License (GPL) or other "open source" license agreements. we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. The GNU license is re-printed below for you reference. and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). and the authors and copyright holders disclaim any warranty for such programs. receive or can get the source code. Also. (Hereinafter. These programs are copyrighted by their authors or other parties. provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. that you receive source code or can get it if you want it. Whether that is true depends on what the Program does. 1991 Free Software Foundation. too. not price. you must give the recipients all the rights that you have.) Each licensee is addressed as "you". Other programs are copyright by Barracuda Networks. The "Program". 51 Franklin St. we want its recipients to know that what introduced by others will not reflect on the we want to make certain that everyone understands that If the software is modified by someone else and passed they have is not the original. translation is included without limitation in the term "modification". in effect making the program proprietary. a work containing the Program or a portion of it. When we speak of free software. Fifth Floor.

as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues). your work based on the Program is not required to print an announcement. then as a consequence you may not distribute the Program at all. or rights. complete source code means all the source code for all modules it contains. and thus to each and every part regardless of who wrote it. agreement or otherwise) that contradict the conditions of this License. a complete machinereadable copy of the corresponding source code. plus the scripts used to control compilation and installation of the executable. However. which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. c) Accompany it with the information you received as to the offer to distribute corresponding source code. valid for at least three years. 7. which is implemented by public license practices. and will automatically terminate your rights under this License. If identifiable sections of that work are not derived from the Program. and so on) of the operating system on which the executable runs. kernel. the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. the recipient automatically receives a license from the original licensor to copy. do not apply to those sections when you distribute them as separate works. However. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. For example. modify. If. Each time you redistribute the Program (or any work based on the Program). (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer. since you have not signed it. For an executable work. to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If any portion of this section is held invalid or unenforceable under any particular circumstance. or. In addition. this section has the sole purpose of protecting the integrity of the free software distribution system. mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. from you under this License will not have their licenses terminated so long as such parties remain in full compliance. b) Accompany it with a written offer. whose permissions for other licensees extend to the entire whole. if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you. it is not the intent of this section to claim rights or contest your rights to work written entirely by you. nothing else grants you permission to modify or distribute the Program or its derivative works. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations. These actions are prohibited by law if you do not accept this License. You are not responsible for enforcing compliance by third parties to this License. distributing or modifying the Program or works based on it. 4. You may not copy.c) If the modified program normally reads commands interactively when run. when started running for such interactive use in the most ordinary way. modify. Thus. distribute or modify the Program subject to these terms and conditions. sublicense. the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. in accord with Subsection b above. and can be reasonably considered independent and separate works in themselves. they do not excuse you from the conditions of this License. You may copy and distribute the Program (or a work based on it. even though third parties are not compelled to copy the source along with the object code. then offering equivalent access to copy the source code from the same place counts as distribution of the source code. to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims. and telling the user how to view a copy of this License. the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler. you must cause it. sublicense or distribute the Program is void. If distribution of executable or object code is made by offering access to copy from a designated place. and its terms. for a charge no more than your cost of physically performing source distribution. you indicate your acceptance of this License to do so. However. to give any third party. Any attempt otherwise to copy. under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code. unless that component itself accompanies the executable. 3. or distribute the Program except as expressly provided under this License. and all its terms and conditions for copying. by modifying or distributing the Program (or any work based on the Program). Many people have made generous contributions to the wide range of software distributed through that 136 Barracuda Spam & Virus Firewall Administrator’s Guide . as a special exception. or. plus any associated interface definition files. Therefore. 6. (Exception: if the Program itself is interactive but does not normally print such an announcement. parties who have received copies. conditions are imposed on you (whether by court order. 5. You are not required to accept this License.) The source code for a work means the preferred form of the work for making modifications to it. the distribution of the whole must be on the terms of this License.) These requirements apply to the modified work as a whole. then this License. saying that you provide a warranty) and that users may redistribute the program under these conditions. rather. But when you distribute the same sections as part of a whole which is a work based on the Program.

Also add information on how to contact you by electronic and paper mail. either version 2 of the License. INCLUDING. write to the Free Software Foundation. THERE IS NO WARRANTY FOR THE PROGRAM. the commands you use may be called something other than `show w' and `show c'. USA. If the Program specifies a version number of this License which applies to it and "any later version". If the program is interactive. Such new versions will be similar in spirit to the present version. make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69. but WITHOUT ANY WARRANTY. and you are welcome to redistribute it under certain conditions. TO THE EXTENT PERMITTED BY APPLICABLE LAW. If the Program does not specify a version number of this License. This is free software. In such case. President of Vice Limited Warranty and License 137 . 10. to sign a "copyright disclaimer" for the program. 1 April 1989 Ty Coon. INCLUDING ANY GENERAL. Here is a sample. SPECIAL. attach the following notices to the program. You should have received a copy of the GNU General Public License along with this program. Copyright (C) yyyy name of author This program is free software. To do so. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. BE LIABLE TO YOU FOR DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program. YOU ASSUME THE COST OF ALL NECESSARY SERVICING. it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.Suite 330. 9. Of course.system in reliance on consistent application of that system. alter the names: Yoyodyne. INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS). OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE. and you want it to be of the greatest possible use to the public. the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty. EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. this License incorporates the limitation as if written in the body of this License. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces. REPAIR OR CORRECTION. we sometimes make exceptions for this. 8. without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. and each file should have at least the "copyright" line and a pointer to where the full notice is found. See the GNU General Public License for more details. signature of Ty Coon. you may choose any version ever published by the Free Software Foundation. This program is distributed in the hope that it will be useful. you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. Copyright (C) 19yy name of author Gnomovision comes with ABSOLUTELY NO WARRANTY. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND.. 59 Temple Place . EITHER EXPRESSED OR IMPLIED. Inc. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. For software which is copyrighted by the Free Software Foundation. for details type `show w'. the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. so that distribution is permitted only in or among countries not thus excluded. but may differ in detail to address new problems or concerns. if any. if not. Inc. MA 02111-1307. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. one line to give the program's name and an idea of what it does. if necessary. NO WARRANTY 11. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. write to the Free Software Foundation.. Boston. they could even be mouse-clicks or menu items--whatever suits your program. you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. 12. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different. BUT NOT LIMITED TO. SHOULD THE PROGRAM PROVE DEFECTIVE. You should also get your employer (if you work as a programmer) or your school. type `show c' for details. Each version is given a distinguishing version number. or (at your option) any later version. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. write to the author to ask for permission.

"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form. Redistribution and use in source and binary forms." Barracuda Products may include the libspf library which is Copyright (c) 2004 James Couzens & Sean Comeau All rights reserved. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. BUT NOT LIMITED TO.apache. "License" shall mean the terms and conditions for use. BUT NOT LIMITED TO. All rights reserved. OR CONSEQUENTIAL DAMAGES (INCLUDING. Barracuda Products may contain programs that are Copyright (c) 1998-2003 Carnegie Mellon University. modify. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. this list of conditions and the following disclaimer. to any person obtaining a copy of this software and associated documentation files (the "Software"). to deal in the Software without restriction. INCLUDING. whether by contract or otherwise. free of charge. AND DISTRIBUTION 1.cmu. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. or are under common control with that entity. and the authors and copyright holders disclaim any warranty for such programs. with or without modification. WITHOUT LIMITATION. INDIRECT. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. WHETHER IN CONTRACT. including without limitation the rights to use. These programs are copyrighted by their authors or other parties. generated documentation.This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. OR PROFITS. this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice. IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL. or (iii) beneficial ownership of such entity. EXEMPLARY. Definitions. Barracuda products may include programs that are covered by the Apache License or other Open Source license agreements. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. DATA.org/licenses/ TERMS AND CONDITIONS FOR USE. please contact Office of Technology Transfer Carnegie Mellon University 5000 Forbes Avenue Pittsburgh. reproduction. with or without modification. Other programs are copyright by Barracuda Networks. you may consider it more useful to permit linking proprietary applications with the library. this list of conditions and the following disclaimer. The Apache license is reprinted below for you reference. Redistributions in binary form must reproduce the above copyright notice. For permission or any other legal details. These programs are covered by the following License: "Permission is hereby granted. are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice. and conversions to other media types. Barracuda Products may contain programs that are copyright (c)1995-2005 International Business Machines Corporation and others. as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by Computing Services at Carnegie Mellon University (http://www. ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. IN NO EVENT SHALL THE AUTHORS MAKING USE OF THIS LICENSE OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT. fax: (412) 268-7395 tech-transfer@andrew. Redistributions of source code must retain the above copyright notice. 2. It is covered by the following agreement: Redistribution and use in source and binary forms. distribute. Apache License Version 2. 138 Barracuda Spam & Virus Firewall Administrator’s Guide . are permitted provided that the following conditions are met: 1. "Legal Entity" shall mean the union of the acting entity and all other entities that control. LOSS OF USE. merge. and to permit persons to whom the Software is furnished to do so. NEGLIGENCE OR OTHER TORTIOUS ACTION.edu . STRICT LIABILITY. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. DATA OR PROFITS. REPRODUCTION. made available under the License. INCLUDING. For the purposes of this definition. whether in Source or Object form. Redistributions of source code must retain the above copyright notice. SPECIAL. The name "Carnegie Mellon University" must not be used to endorse or promote products derived from this software without prior written permission. and/or sell copies of the Software. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES. "Work" shall mean the work of authorship. "Source" form shall mean the preferred form for making modifications. publish. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission.cmu. are controlled by. use the GNU Library General Public License instead of this License. including but not limited to software source code. and configuration files. copy. January 2004 http://www. documentation source. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. INCIDENTAL. If this is what you want to do." Barracuda Products may include programs that are covered by the BSD License: "Redistribution and use in source and binary forms. with or without modification. WHETHER IN AN ACTION OF CONTRACT. INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE. including but not limited to compiled object code. PA 15213-3890 (412) 268-4387. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. Redistributions in binary form must reproduce the above copyright notice. to cause the direction or management of such entity. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.edu/computing/). and distribution as defined by Sections 1 through 9 of this document. provided that the above copyright notice(s) and this permission notice appear in all copies of the Software and that both the above copyright notice(s) and this permission notice appear in supporting documentation. or (ii) ownership of fifty percent (50%) or more of the outstanding shares. All rights reserved.0. "control" means (i) the power." CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE. direct or indirect. 2. are permitted provided that the following conditions are met: 1.

including. incidental. provided Your use. with or without modifications. no-charge. and attribution notices from the Source form of the Work."Derivative Works" shall mean any work. This License does not grant permission to use the trade names. 8. then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file. Limitation of Liability. including any direct. offer to sell. without limitation. reproduction. nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. contract. worldwide. Unless You explicitly state otherwise. prepare Derivative Works of. within a display generated by the Derivative Works. and distribute the Work and such Derivative Works in Source or Object form. "submitted" means any form of electronic. and charge a fee for. have made. However. You may choose to offer. excluding those notices that do not pertain to any part of the Derivative Works. Notwithstanding the above. sell. and otherwise transfer the Work. and issue tracking systems that are managed by. that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. each Contributor hereby grants to You a perpetual. publicly display. or any and all other commercial damages or losses). annotations. 9. in accepting such obligations. trademarks. whether in Source or Object form. or other modifications represent. work stoppage. then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. excluding those notices that do not pertain to any part of the Derivative Works. unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing. warranty. computer failure or malfunction. each Contributor hereby grants to You a perpetual. Subject to the terms and conditions of this License. and (d) If the Work includes a "NOTICE" text file as part of its distribution. and distribution of the Work otherwise complies with the conditions stated in this License. if provided along with the Derivative Works. whether in tort (including negligence). not on behalf of any Limited Warranty and License 139 . either express or implied. 4. no-charge. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use. Submission of Contributions. 3. as a whole. non-exclusive. special. publicly perform. or for any such Derivative Works as a whole. sublicense. For the purposes of this definition. 5." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. royalty-free. MERCHANTABILITY. or other liability obligations and/or rights consistent with this License. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement. where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. For the purposes of this License. indirect. irrevocable copyright license to reproduce. in the Source form of any Derivative Works that You distribute. use. but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution. 2. shall any Contributor be liable to You for damages. alongside or as an addendum to the NOTICE text from the Work. or product names of the Licensor. royalty-free. or on behalf of. including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof. Unless required by applicable law or agreed to in writing. elaborations. and (b) You must cause any modified files to carry prominent notices stating that You changed the files. trademark. an original work of authorship. in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works. and (c) You must retain. Subject to the terms and conditions of this License. You may add Your own attribution notices within Derivative Works that You distribute. even if such Contributor has been advised of the possibility of such damages. if and wherever such third-party notices normally appear. non-exclusive. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. reproduction. or written communication sent to the Licensor or its representatives. the Licensor for the purpose of discussing and improving the Work. Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS. NON-INFRINGEMENT. Grant of Patent License. including but not limited to communication on electronic mailing lists. Grant of Copyright License. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium. "Contribution" shall mean any work of authorship. In no event and under no legal theory. the Work and Derivative Works thereof. without any additional terms or conditions. acceptance of support. Disclaimer of Warranty. patent. indemnity. 6. or otherwise. irrevocable (except as stated in this section) patent license to make. service marks. Redistribution. or merely link (or bind by name) to the interfaces of. within the Source form or documentation. Trademarks. While redistributing the Work or Derivative Works thereof. 7. any warranties or conditions of TITLE. Accepting Warranty or Additional Liability. except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. The contents of the NOTICE file are for informational purposes only and do not modify the License. worldwide. all copyright. import. and in Source or Object form. provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License. any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License. that is based on (or derived from) the Work and for which the editorial revisions. source code control systems. or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill. You may act only on Your own behalf and on Your sole responsibility. or. provided that such additional attribution notices cannot be construed as modifying the License. or distribution of Your modifications. or FITNESS FOR A PARTICULAR PURPOSE. Derivative Works shall not include works that remain separable from. verbal.

and hold each Contributor harmless for any liability incurred by. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. either express or implied. with the fields enclosed by brackets "[]" replaced with your own identifying information. If you would like a copy of the source code or the changes to a particular program we will gladly provide them. You may obtain a copy of the License at http://www. and mail the media.other Contributor. for a fee of $100.0 (the "License"). Version 2. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. or claims asserted against. Source Code Availability Per the GPL and other "open source" license agreements the complete machine readable source code for programs covered by the GPL or other "open source" license agreements is available from Barracuda Networks at no charge. such Contributor by reason of your accepting any such warranty or additional liability. on a CD. 140 Barracuda Spam & Virus Firewall Administrator’s Guide .org/licenses/LICENSE-2. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND. create the media. See the License for the specific language governing permissions and limitations under the License. This fee is to pay for the time for a Barracuda Networks engineer to assemble the changes and source code. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License. package the media. you may not use this file except in compliance with the License.0 Unless required by applicable law or agreed to in writing.00. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. and only if You agree to indemnify. Please send a check payable in USA funds and include the program name. attach the following boilerplate notice. We will mail the packaged source code for any program covered under the GPL or other "open source" license. defend. To apply the Apache License to your work.apache. software distributed under the License is distributed on an "AS IS" BASIS.

POP. managing 89 DNS configuration 32 Domain Admin account role 102 domain configuration. 67 Auditor account role 93.141 . 40 Cloud Protection Layer 69 Advantages 70 clustering the Barracuda Spam & Virus Firewall data not synchronized across the cluster 79 limiting user access to a clustered system 48 removing a failed system from a cluster 79 setting up clustered systems 77 configuration reloading 121 Configure 30 content filtering inbound mail 55 outbound mail 67 pre-made patterns 55 Control Center and Hybrid Mode 70 using 112 B Backscatter. RADIUS 48 single sign-on 47 Barracuda Real-Time protection (BRTS) 21 Barracuda Reputation 19. notifications of 41 attachment filtering 66 inbound 55 outbound 66. 98 defined 103 Authentication LDAP. updating 34. 40 getting the best accuracy 58 how it works 57 when to use it 58 block score 39 Bounce messages. 87 All_domains permissions assigning 99 Domain Admin 102 Helpdesk 100 allowed email recipient domains 32 and password-protected archives 66 Anti-Virus. sending or not 81 Bounce suppression 49. 53 Bayesian learning classifying messages 39. Reducing 81 Backup Bayesian database 119 configuration database 119 errors and alerts 109 Explicit Users to Accept For list 119 Barracuda Central 10 Barracuda Control Center 70 D daily mail statistics 106 definitions. 118 diagnostic memory test 124 Disk space.Index A Account creation automatic 94 disabling 95 manually. default for the Barracuda Spam & Virus Firewall 32 Index . by administrators 95 manually. 74 Branding of encrypted message notifications 63 C Certificate generation 38 Classify incoming emails 39. 96. Barracuda Exchange Anti-Virus Agent for MS Exchange Server 40 API for remote configuration of the Barracuda Spam & Virus Firewall 93 Attachment blocking. by users 95 Advanced networking topics 80 alerts backup failures 109 emailed 109 LDAP errors 109 SNMP 109 system 109 Alias Linking 77.

default used in reply address 32 hourly mail statistics 106 I indicator lights 115 Initial 31 Instant Replacement Service 124 Internal virus scanning 40 Invalid Bounce Suppression 74 IP address. 106 Mail syslog 108 memory test 124 Message Log 39. configuring 82 network settings. integration with Barracuda Spam & Virus Firewall 72 F failed system. 49 Outlook and Lotus Notes plugins for classifying messages as Spam or Not Spam 59 sender-side option to encrypt 59 L Language blocking email by country 56 Non-delivery reports (NDRs) 81 notifications 89 Web Interface. Barracuda Exchange Anti-virus Agent 40 Explicit Users to Scan For 35 LDAP and User Account Authentication 48 LDAP errors alerts email 109 LDAPS (SSL/TLS) for user authentication 48 LEDs (on front panel) 115 Load Balancer in Direct Server Return Mode. filtering 66 Performance statistics 41 Permissions. 108 CPL. how filtering messages 71 CPL.domain level settings accessing 92 and quarantine 92 list of 36 E email routing incoming 34 Email Statistics inbound 42 outbound 42 Encryption of outbound email by redirection to existing encryption service 62 Requirements for using 62 using built-in encryption as outbound mail policy 48. locating the Barracuda Spam & Virus Firewall in your network 27 Firmware update 118 Front panel indicator lights 115 Microsoft Exchange Server Barracuda Exchange Anti-virus Agent 40 Models of the Barracuda Spam & Virus Firewall 14 monitoring tasks 105 MX records 34 N network interfaces. 62 with the Microsoft Outlook Add-In 59 Energize Updates 118 Ethernet interfaces 80 Exchange Mail Server. user-level 88 . selecting 37 Index . configuring for 81 Logging in administrator login 31 new account credentials 95 Loopback Adaptor 81 M mail statistics 41.142 P Password-protected attachment archives. initial configuration 30 Non-Delivery Reports (NDRs) 81 Notifications default language 89 for blocked attachments 41 for outbound quarantined messages 64 for recipients of encrypted messages 63 of quarantined messages 88 System Alerts Email Address 109 System Contact Email Address 109 H hardware compliance 125 hardware test 124 Helpdesk account role 100 Hostname. initial setting 30 IP Reputation 53 IPv6 networks 10 O Online Help 10 Outbound relay configuring 35. 71. replacing 124 Firewall.

enabling users to edit 96 Private (self-signed) certificates 38 Retry button retrying delivery of outbound messages 106 Role-based Administration 92 Roles Domain Admin 102 Helpdesk 100 User 99 Roles. Auditor account (unique) 93 Routing Email 34 routing incoming email 34 Q Quarantine disabling 85 domain level settings 92 global 85 inbox 87. 88 notifications 88 outbound mail 64 setting up 42 where quarantined messages go 86 Queue inbound and outbound messages 106 S Securing user access with single sign-on 47 Sender Policy Framework (SPF) 75 shutting down the system 121 Single Sign-On newly created accounts 95 user authentication 47 SMTP Encryption 48 SNMP query and alerts 109 spam scoring configuring via the API 47 domain level settings 37. minimizing 89 Syslog mail syslog 108 tracking changes to the configuration 47 using a syslog server for monitoring 114 system alerts 109 reboot 121 shutdown 121 System Alerts Email Address 109 System Contact Email Address 109 R RADIUS user account authentication 48 RAID 14 RAID disk storage alerts when problems arise 109 and Barracuda Spam & Virus Firewall models 14 status indicator on BASIC > Status page 106 rate control inbound mail 52 outbound mail 65 reboot options 123 Recipient Verification 76 recovery mode 123 Redirection of outbound mail 62 re-imaging the system 124 reloading the system 121 remote administration 124 Removing a Barracuda Spam & Virus Firewall From a Cluster 79 Replacement Service (Instant) 124 replacing a failed system 124 Reporting 111 Reputation.143 . contacting 15 Testing spam and virus scanning with a local user set 35 time zone 37 TLS encryption 48 Troubleshooting tools 122 Index . IP addresses 53 Requeuing outbound messages 107 RESET button 121 restarting the system 121 Restoring a backup 120 Retention Policy inbound messages 84 outbound messages 64 T tag score 39 Task Manager. generating 38 Static Routes 80 Statistics email 41 performance 41 Storage of email. using to monitor system tasks 113 TCP ports 30 technical support.Plugins for classifying messages as Spam or Not Spam 59 for encrypting messages from Microsoft Outlook 59 POP 48 POP user account authentication 48 Port Forwarding 80 post-installation tasks 38 Preferences. 93 initial settings 39 outbound mail 62 overview 13 per-user settings 36 SSL certificates.

POP 48 User account role 99 User accounts enabling features 96 User Features.Trusted (signed by a trusted CA) certificates 38 Trusted Forwarder 52. Default 87 User Login Activities tracking with syslog 47 V valid recipients and Predictive Sender Profiling 24 recipient verification 24 using the local database 76 Virtual Machine Deployment 26 virus scanning Hybrid mode 71 internal with Barracuda Exchange Anti-Virus Agent 40 when and where it is applied 40 W Warranty.144 . 75 U UDP ports 30 Updating definitions 118 firmware 118 updating firmware and definitions 118 UPS Support 29 User Access. Limiting 47 User Account Authentication LDAP. limited 129 Web interface for configuration 10 logging in 31 setting the default language 37 SSL-only access 38 Index . RADIUS.

145 .Index .

.

Barracuda Networks Technical Documentation RECLAIM YOUR NETWORK™ .

Sign up to vote on this title
UsefulNot useful